Re: API Key Expiry and Shared Credentials in the RIPE Database
I don't speak for the NCC but as I understand it they wanted a drop in replacement for MD5-PW.
-Cynthia
On Thu, 10 Oct 2024, 23:13 Laurent Pellegrino, <laurent.pellegrino@ipregistry.co> wrote:
Hi there,
Given the focus on security and token management, was OAuth2 considered? It’s a widely adopted standard that includes built-in mechanisms for secure authentication and token expiration, and it supports various flows that might align with your requirements. If it was evaluated, could you please share any insights on why it wasn’t chosen?
Regards, Laurent
On Thu, Oct 10, 2024 at 12:58 PM Cynthia Revström via db-wg <db-wg@ripe.net> wrote:
I have to agree with Gert here. I think the intentions are good but it won't give the wanted result.
Making it so API keys are tied to a user will cause people to create shared users to hold those keys.
-Cynthia
On Wed, 9 Oct 2024, 19:21 Gert Doering, <gert@space.net> wrote:
Hi,
On Wed, Oct 09, 2024 at 02:28:26PM +0200, Felipe Silveira wrote:
Our top priority is the security of everyone's data. While I understand these decisions will require members to make changes to their scripts, it's essential that we remain compliant and follow best practices here.
I think you've been reading the wrong books on security here... this design is actively discouraging use of API keys, because it breaks doing proper automatization on the LIR size.
Gert Doering -- NetMaster
-- have you enabled IPv6 on something today...?
SpaceNet AG, Vorstand: Sebastian v. Bomhard, Ingo Lalla, Karin Schuler, Sebastian Cler
Joseph-Dollinger-Bogen 14, Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen, HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444, USt-IdNr.: DE813185279
-----
To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/db-wg.ripe.net/
As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/