RIPE Database Working Group Minutes RIPE 90
Thursday, 15 May 2025, 11:00-12:30 (UTC+1)
Chairs: David Tatlisu, Peter Hessler, William Sylvester
Scribe: Hans Bakker
Status: Draft
A. Introduction
Working Group Chair, William Sylvester, opened the session and welcomed attendees. William went through the agenda for the session and invited Ed Shryane to begin with the operational update.
B. Operational Update
Edward Shryane, RIPE NCC
Ed Shryane, RIPE NCC, summarised the RIPE Database team’s work over the past six months, including four Whois releases. Ed mentioned three Whois outages which happened over the last few months and gave an explanation of each. He apologised for the disruptions and provided reassurance that steps had been taken to prevent similar issues.
Ed highlighted usage statistics, infrastructure updates, and upcoming and ongoing changes. Ed also shared that API Keys authentication had been available since January. He noted that there was a RIPE Labs article and documentation on the topic. Support for MD5 hashed passwords will be removed by the end of 2025. Also mentioned in the update were RDAP efforts, NRTMv4 Mirroring (NWI-12) and RIPE NCC Activity Plan 2025 commitments.
Ed finished by asking for input on two topics. He asked whether the RIPE-NONAUTH Database should be retired. And secondly, whether UTF-8 should be added to the RIPE Database. A proposal was shared to allow UTF-8 in “descr:” and “remarks:” attributes (both free text attributes). This would be a minimum viable change that allows for UTF-8 to be introduced. Ed will send a problem statement to the Database Working Group mailing list and include an impact analysis for discussion.
Kenji Shioda, Nebula Online BV, mentioned that Ed explained a lot of reasons to discard the NONAUTH Database. He asked whether Ed could also think of reasons why they could keep it? Ed could not and noticed that it had already been retired in the ARIN region, seemingly without impact.
Rudiger Volk, retired, suggested that the RIPE NCC look at shared data and analyse whether some things that are supposed to go away are still used and to what extent. Ed agreed to do so but also warned that there had been a lot of data there for a long time and it wouldn’t go away by itself.
Lutz Donnerhacke, IKS Service GmbH, ICANN, suggested that the RIPE NCC offer stored information in delegated form to show that the distributed or hierarchical database is possible. He said this would influence discussion about Whois information or the registration data information at ICANN level.
C. OAuth 2.0 Authentication
Adonis Stergiopoulos, RIPE NCC
Adonis Stergiopoulos, RIPE NCC, talked about Oauth 2.0, a standard designed to access resources hosted by other web apps on behalf of a user. In January 2025, the RIPE NCC introduced API Keys to authenticate updates in the RIPE Database. Now OAuth 2.0 is being implemented as an alternative to API Keys for authentication. API keys and the OAuth 2.0 solution are meant to be complementary.
Adonis explained Authorisation Flows and mentioned that they were holding user interviews to gather information on what users need. Phase one of the recommended solution, Authorisation Code Flow (with PKCE), will be delivered in mid-2025. The architecture of the Authorisation Code Flow was also shared.
Finally, Adonis mentioned that OAuth 2.0 defines two main types of tokens (access tokens and refresh tokens) and their expiration times. He said it was important to remember that it was always a trade-off between security and usability. Adonis said he was looking for input and for volunteers to test the proposed Authorisation Code Flow solution.
There were no comments or questions.
D. NWI Review
Working Group Chairs
William explained that there was a discussion at RIPE 89 on two Numbered Work Items (NWIs) for the Database Working Group, NWI-2 and NWI-17. Both were related to displaying history for Database objects. The Chairs would use the week after RIPE 90 to go through the discussion so far and summarise it. He said they would bring it to the Working Group for further discussion the week after.
William also mentioned that the Action list on the Database Working Group webpage would be retired since it was last updated on 7 May 2009. William will send out a link to the mailing list for people to review, before the Friday after the RIPE Meeting.
Finally, he suggested that interested people review NWI’s 15, 16, 17 and 18. Once finished with NWI-2 and NWI-17 the Chairs suggest jumping on those NWI’s together.
Z. AOB (open discussion)
William invited Randy Bush, RGnet, Arrcus, IIJ Research, to share more on his proposal that the draft RFC "Publishing End-Site Prefix Lengths" be implemented in the RIPE Database. It allows an operator to document what prefix length they are using, similar to the geofeed attribute.
And finally, David shared that William will step down from his position as Chair after seventeen RIPE Meetings. William was thanked for his service and received gifts as a token of appreciation.
The session concluded with encouragement to provide feedback on all RIPE 90 sessions and reminders to vote in the RIPE NCC Board and RIPE PC elections.