[db-wg] Fwd: RIPE Database Release 1.72 - including SSO Integration

Dear colleagues,

Let me clarify.

Denis was referring to the web forms, that are also named 'syncupdates' and 'webupdates'.
The actual syncupdates service did not change.

Furthermore, the syncupdates and webupdates web forms were already enforcing https because of sensitive authentication data (e.g. passwords). The only change 
that happened yesterday was that now we also enforce https on the query form, so that the RIPE Access session token is secured.

Sorry for the misunderstanding.

Kind regards,
Agoston Horvath
Senior Software Engineer
RIPE NCC

On 03/24/2014 09:56 PM, Gert Doering wrote:
> Hi,
>
> On Mon, Mar 24, 2014 at 02:27:39PM +0100, Denis Walker wrote:
>> The RIPE Database release 1.72 has now been fully deployed to production.
>>
>> We would like to point out that, with this release, Webupdates and
>> Syncupdates can only be accessed with HTTPS and not with HTTP. This is
>> to conform to the requirements of using RIPE ACCESS now as an
>> authentication method for updating the RIPE Database. Any update using
>> HTTP will be automatically redirected to HTTPS.
>
> Uh, what?
>
> This does not *exactly* meet POLA, and that part of the change was not
> announced as such - and as it's quite likely that this breaks someone's
> syncupdate script (why would a syncupdate client be written to handle
> http->https redirects if all it wants is a single POST?) this really should
> have been announced before.
>
> ... and I'm less than convinced that wanting to have HTTPS *for RIPE
> ACCESS* is a good reason to force it by surprise on everyone else.
>
> Gert Doering
>          -- NetMaster
>