Dear Felipe, RIPE NCC,

On Tue, Oct 15, 2024 at 12:05:51PM +0200, Felipe Silveira wrote:
> I understand the impact that these requirements can have on you and the inconvenience that they can cause. We need to find the right balance between security and ease of use, and sometimes this can be a difficult puzzle to solve.
>
> About the expiry time for the API keys: we chose a maximum of one year expiry of API keys as a trade-off between security and ease of use. A long validity period is convenient but increases the risk the API key is exposed.
>
> In addition, a procedure to rollover the API key is necessary no matter the validity period. However, the longer the validity, the less frequently this procedure is performed. This can lead to a risk that staff will be unfamiliar with doing it, which may result in downtime if the procedure is not followed correctly. Before any API key expires, the RIPE NCC will notify the user via the website and by email, giving them time to perform a rollover. An organisation can also track the expiration themselves as part of their rollover procedure.
>
> If you have further questions please let me know.
The main reason the APIs are used at all is because people like to automate things. I am not necessarily opposed to expiring / rotating secret materials, but I do have concerns about this being manually instrumented events. I agree folks need to have rollover procedures in place, but I'm not looking forward to an annual manual operation which doesn't improve security in my specific deployment for automated RPKI ROA management.

Can an API be provided to facilitate API key management? Think along the lines of Let's Encrypt / ACME protocol: short-lived TLS certs are possible *because* the workflow is automated end-to-end.

Kind regards,

Job