Hi Peter,
On 19 Sep 2024, at 15:34, Peter Hessler <phessler@theapt.org> wrote:
> Hi Ed, WG,
> [speaking as myself, not co-chair]
> In general I like this.

Thank you.

> I'll let others discuss their very valid points, but I want to bring up another. In the "Notification of RIPE Database changes" emails, I'd love to see an identifier of who made the change and how: their user account if it's SSO, a marker saying "MD5" if it's a hashed password, the PGP key ID if it's signed, etc., etc.

We already do this if the update is authenticated by SSO or PGP, but not by MD5. We can additionally add "MD5" until it's deprecated, if the DB-WG has no objection? For example, I see "Changed by SSO account: eshryane@ripe.net" in some update notifications I received this morning when testing the 1.114 release.

> And in the future, an identifier for which API key or any other type of auth was used, so we can internally identify who made the change. Of course, these identifiers would need to be visible to the admins of a mntner object.

It may be a security risk to reveal information about the API key itself (I will check this internally), but we could return the name of it as defined by the user themselves? At least we can identify which SSO user authenticated the update (either interactively or via an API key).

> IMHO, this would help admins trace which keys are actively in use and fix their internal processes.

API keys should not be shared, but we can investigate how to identify to which SSO account an API key belongs.

> I'm looking at a notify email that was sent to us 8 minutes ago, and it does identify the IP address, but not which auth method was used.

Perhaps the update was authenticated with a password?

Regards
Ed Shryane
RIPE NCC
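As an added example (not code from this thread and not RIPE NCC's own software), here is the kind of maintainer-side audit that the per-update auth identifier discussed above makes possible: parse a batch of change-notification mails, tally which authentication method each update used, and list, per mntner, the accounts and keys actually seen so that an admin can spot unused or unexpected credentials. Only the line "Changed by SSO account: <user>" is taken from the thread; the generic "Changed by <method>[: <identifier>]" shape, the "- From-Host:" line, the "mnt-by:" attribute and the three sample messages are assumptions constructed for this example.

```python
import re
from collections import Counter, defaultdict

# Lines this example looks for in a notification message. The wording
# "Changed by SSO account: <user>" is quoted in the thread above; the
# generic "Changed by <method>[: <identifier>]" shape, the "- From-Host:"
# line and the "mnt-by:" attribute are assumptions made for this example.
CHANGED_BY_RE = re.compile(
    r"^Changed by (?P<method>[^:\n]+?)(?::\s*(?P<ident>\S+))?\s*$", re.MULTILINE
)
FROM_HOST_RE = re.compile(r"^-?\s*From-Host:\s*(?P<ip>\S+)", re.MULTILINE)
MNT_BY_RE = re.compile(r"^mnt-by:\s*(?P<mntner>\S+)", re.MULTILINE)

# Constructed sample notifications (not real RIPE NCC mail). Addresses are
# documentation ranges; names, maintainers and the key ID are made up.
SAMPLE_NOTIFICATIONS = [
    # 1. SSO-authenticated update: the auth method and account are visible.
    "Dear Maintainer,\n\n"
    "This is to notify you of changes in the RIPE Database.\n\n"
    "- From-Host: 192.0.2.10\n"
    "Changed by SSO account: alice@example.net\n\n"
    "OBJECT BELOW MODIFIED:\n\n"
    "person:  Alice Example\n"
    "mnt-by:  EXAMPLE-MNT\n"
    "source:  RIPE\n",
    # 2. PGP-signed update (the marker wording here is assumed).
    "Dear Maintainer,\n\n"
    "- From-Host: 192.0.2.11\n"
    "Changed by PGP key: 0x1234ABCD\n\n"
    "OBJECT BELOW MODIFIED:\n\n"
    "route:   203.0.113.0/24\n"
    "mnt-by:  EXAMPLE-MNT\n"
    "source:  RIPE\n",
    # 3. Password (MD5) update: only the IP is reported, no "Changed by" line.
    "Dear Maintainer,\n\n"
    "- From-Host: 198.51.100.7\n\n"
    "OBJECT BELOW MODIFIED:\n\n"
    "inetnum: 203.0.113.0 - 203.0.113.255\n"
    "mnt-by:  OTHER-MNT\n"
    "source:  RIPE\n",
]


def parse_notification(text):
    """Extract (method, ident, ip, mntners) from one notification.

    method and ident are None when the message has no "Changed by" line,
    which is the password (MD5) case the thread discusses: the notification
    then shows only the source IP, not how the update was authenticated.
    """
    m = CHANGED_BY_RE.search(text)
    method = m.group("method").strip() if m else None
    ident = m.group("ident") if m else None
    h = FROM_HOST_RE.search(text)
    ip = h.group("ip") if h else None
    mntners = sorted(set(MNT_BY_RE.findall(text)))
    return method, ident, ip, mntners


def audit(messages):
    """Summarise a batch of notifications per auth method and maintainer.

    Returns a dict with:
      by_method:  {method: count}, "unknown" when the mail does not say
      identities: {mntner: sorted "method:identifier" strings seen}, the
                  per-maintainer view needed to see which accounts and
                  keys are actually in use
      review:     [(ip, mntners)] for updates made with an unknown method
                  or the deprecated MD5 password, i.e. the ones to chase
    """
    by_method = Counter()
    identities = defaultdict(set)
    review = []
    for text in messages:
        method, ident, ip, mntners = parse_notification(text)
        label = method or "unknown"
        by_method[label] += 1
        for mntner in mntners:
            identities[mntner].add(f"{label}:{ident or '-'}")
        if method is None or method.startswith("MD5"):
            review.append((ip, mntners))
    return {
        "by_method": dict(by_method),
        "identities": {k: sorted(v) for k, v in identities.items()},
        "review": review,
    }


if __name__ == "__main__":
    summary = audit(SAMPLE_NOTIFICATIONS)
    for method, count in sorted(summary["by_method"].items()):
        print(f"{method:12} {count}")
    for mntner, seen in sorted(summary["identities"].items()):
        print(f"{mntner}: {', '.join(seen)}")
    for ip, mntners in summary["review"]:
        print(f"review: {ip} changed {', '.join(mntners)} (auth method not reported)")
```

The third sample message is the situation described at the end of the thread: the IP is there, the auth method is not, so the script can only put it on the review list. Once an "MD5" marker or an API key name is included in the mail, the same parser picks it up through the generic "Changed by" pattern and the review list shrinks to genuinely unexplained updates.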