On Wed, Dec 04, 2013 at 12:57:26PM +0100, Alex Band wrote:
In our RIPE NCC Access authentication system, we offer the ability to log in using an X.509 identity certificate instead of a username and password. This functionality was transferred from the legacy authentication system we used to have, without evaluating the value of this feature at the time.
Since then, we have encountered several implementation, user interface and support issues surrounding this feature, while it is used by less than 0.7% of the users with a RIPE NCC Access account. Most importantly, the functionality does not actually offer any additional security. This is something that is provided by true two-factor authentication.
We would like to propose to put this functionality in maintenance mode, meaning that it would be provided as it is without a service guarantee. Alternatively, it could be removed altogether. This would free us of a maintenance and support burden, meaning that we can spend these resources on other valuable services.
Ok for me.
If the membership approves, the RIPE NCC could investigate ways to implement true two-factor authentication for RIPE NCC Access.
I'm glad to hear that. Piotr -- gucio -> Piotr Strzyżewski E-mail: Piotr.Strzyzewski@polsl.pl