[db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods
- Previous message (by thread): [db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods
- Next message (by thread): [db-wg] [training] RIPE NCC Webinars - new dates
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sascha Luck [ml]
dbwg at c4inet.net
Wed Jun 17 17:59:54 CEST 2015
Sorry for breaking the thread already, wasn't subscribed to this before. IMO there is a lot of work to be done before deprecating passwords. Right now this seems more than a little half-baked: 1) There should most definitely be SSO support for syncupdates. Webupdates, I'm sure, is fine for some but to me it's the most awkward and time-consuming way to make any db change. As far as email is concerned, deprecate that for all I care. I have never used that method in 15 years. 2) There are many issues with using PGP. As someone who makes DB changes for up to 5 LIRs at a time and who does not have a desk with a PC from which all work is done, what am I supposed to do? (On a side note, SSO has made that job so very much easier. If it can be used to authenticate mntners, by all means, please make that possible!) -Use the same privkey for all mntners? Hardly. -put all the privkeys on a USB stick? What if that is lost or stolen? All mntners are now compromised and have to be changed. Hopefully there is a copy of each privkey in some secure location... So, I wouldn't deprecate passwords until there is another option that is as flexible as a simple password. rgds, Sascha Luck
- Previous message (by thread): [db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods
- Next message (by thread): [db-wg] [training] RIPE NCC Webinars - new dates
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]