[db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods

Sorry for breaking the thread already, wasn't subscribed to this
before.

IMO there is a lot of work to be done before deprecating
passwords. Right now this seems more than a little half-baked:

1) There should most definitely be SSO support for syncupdates.
Webupdates, I'm sure, is fine for some but to me it's the most
awkward and time-consuming way to make any db change.
As far as email is concerned, deprecate that for all I care. I
have never used that method in 15 years. 

2) There are many issues with using PGP. As someone who makes DB
changes for up to 5 LIRs at a time and who does not have a desk
with  a PC from which all work is done, what am I supposed to do?

(On a side note, SSO has made that job so very much easier. If it
can be used to authenticate mntners, by all means, please make
that possible!)

-Use the same privkey for all mntners? Hardly.
-put all the privkeys on a USB stick? What if that is lost or stolen?
All mntners are now compromised and have to be changed.
Hopefully there is a copy of each privkey in some secure
location...

So, I wouldn't deprecate passwords until there is another option
that is as flexible as a simple password.

rgds,
Sascha Luck