Subject: [ncc-services-wg] Authentication Proposal for RIPE NCC Access Date: Wed, Dec 04, 2013 at 12:57:26PM +0100 Quoting Alex Band (alexb@ripe.net):
Dear colleagues,
In our RIPE NCC Access authentication system, we offer the ability to log in using an X.509 identity certificate instead of a username and password. This functionality was transferred from the legacy authentication system we used to have, without evaluating the value of this feature at the time.
The only method I use in authenticating towards RIPE NCC systems is PGP signaures on email sent to the autobot. This new-fangled web interface bothers me not. Go ahead and remove X.509, especially if it can be replaced with multifactor auth. As was already mentioned, the phone system is not the most optimal way to do multi-factor. Use HOTP/TOTP, as also was suggested. (But if you ever consider up^W^Wdowngrading from PGP-signed email, I'll raise hell. And behave very badly on the whisky BOF.) /Måns, not representing a LIR. If it matters. -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE +46 705 989668 Quick, sing me the BUDAPEST NATIONAL ANTHEM!!