Dear Felipe, RIPE NCC,
Thank you for your efforts to improve account security for LIRs. I
appreciate the approach to tie API keys to individual RIPE NCC Access
accounts. I imagine the approach might help improve employee
off-boarding processes.
I want to comment on one specific aspect that I'm not entirely
comfortable with:
On Wed, Oct 09, 2024 at 02:28:26PM +0200, Felipe Silveira wrote:
> Secondly, we will implement mandatory API key expiration dates. We
> will allow the user to choose the expiry date when creating a new key,
> but expiry cannot be more than one year. We will notify the RIPE NCC
> Access user in advance by email and on our web interface(s), if any of
> their API keys are due to expire soon.
I don't see the security advantage here. The "expires after a
year"-approach means that once a year API users need to copy private key
material from RIPE portal to internal tooling, get the change approved,
test the results, etc.
Such events are both a security-sensitive operation and also a
potential operational problem when the API key isn't replaced in time. I
fear I see a potential for folks ending up working under time pressure.
If the expiry happens to coincide with a change freeze it'll be
unwelcome.
Introducing an ability which allows users to set expiry dates on API
keys seems fine, but the maximum expiry of 1 year seems too short. I'd
prefer it if the expiry moment is left as a decision to the user.
Kind regards,
Job
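The scheduling concern raised in the message above (a rotation deadline landing inside a change freeze, leaving the operator under time pressure) can be made concrete with a small planner. The following is an added example for this thread, not RIPE NCC's tooling and not code from the original post: given API keys with expiry dates (capped at one year, as in the proposal) and a list of change-freeze windows, it computes the window in which the replacement key must be rolled out and, where that window collides with a freeze, moves the deadline to the day before the freeze starts. All key names, dates, freeze windows and the 30-day lead time are constructed assumptions.

```python
"""Added example (not part of the mailing-list thread): plan API key rotations
around change freezes so that an expiry never has to be handled under time
pressure. All sample keys, dates and freeze windows are constructed."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta

MAX_KEY_LIFETIME = timedelta(days=365)  # proposed one-year cap on key expiry
LEAD_TIME = timedelta(days=30)          # assumed time to approve, deploy and test a new key
ONE_DAY = timedelta(days=1)


@dataclass(frozen=True)
class ApiKey:
    name: str
    created: date
    expires: date


@dataclass(frozen=True)
class Freeze:
    start: date
    end: date  # inclusive


def validate_expiry(created: date, expires: date) -> None:
    """Reject expiry dates that are not after creation or exceed the one-year cap."""
    if expires <= created:
        raise ValueError(f"expiry {expires} is not after creation {created}")
    if expires - created > MAX_KEY_LIFETIME:
        raise ValueError(f"expiry {expires} exceeds the one-year maximum")


def expiry_is_allowed(created: date, expires: date) -> bool:
    try:
        validate_expiry(created, expires)
        return True
    except ValueError:
        return False


def rotation_window(key: ApiKey) -> tuple[date, date]:
    """Window in which the replacement key must be in place:
    from (expiry - lead time) up to the day before expiry."""
    return key.expires - LEAD_TIME, key.expires - ONE_DAY


def overlaps(a_start: date, a_end: date, b_start: date, b_end: date) -> bool:
    return a_start <= b_end and b_start <= a_end


def plan_rotations(keys: list[ApiKey], freezes: list[Freeze], today: date) -> list[dict]:
    """For each key, report the rotation deadline and whether the natural
    window collides with a freeze; if so, the deadline moves to the day
    before the earliest colliding freeze begins."""
    report = []
    for key in keys:
        validate_expiry(key.created, key.expires)
        start, end = rotation_window(key)
        blocking = [f for f in freezes if overlaps(start, end, f.start, f.end)]
        rotate_by = end
        if blocking:
            rotate_by = min(f.start for f in blocking) - ONE_DAY
        report.append({
            "key": key.name,
            "expires": key.expires,
            "rotate_by": rotate_by,
            "days_left": (rotate_by - today).days,
            "freeze_conflict": bool(blocking),
            "overdue": rotate_by < today,
        })
    return report


# Constructed sample data: one key expiring right after a year-end freeze,
# one short-lived key with no conflict.
SAMPLE_KEYS = [
    ApiKey("portal-sync", date(2025, 1, 15), date(2026, 1, 15)),
    ApiKey("monitoring", date(2025, 3, 1), date(2025, 9, 1)),
]
SAMPLE_FREEZES = [Freeze(date(2025, 12, 20), date(2026, 1, 5))]
SAMPLE_TODAY = date(2025, 6, 1)


def sample_report() -> list[dict]:
    return plan_rotations(SAMPLE_KEYS, SAMPLE_FREEZES, SAMPLE_TODAY)


if __name__ == "__main__":
    for row in sample_report():
        flag = " (conflicts with freeze)" if row["freeze_conflict"] else ""
        print(f"{row['key']}: rotate by {row['rotate_by']}, "
              f"{row['days_left']} days left{flag}")
```

Run as a script it prints one line per key; the "portal-sync" key's natural window (16 Dec to 14 Jan) overlaps the year-end freeze, so its deadline is pulled forward to 19 December, which is the advance notice an operator would want well before the expiry e-mail arrives.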