This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] API keys for database maintenance
- Previous message (by thread): [db-wg] API keys for database maintenance
- Next message (by thread): [db-wg] API keys for database maintenance
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Edward Shryane
eshryane at ripe.net
Wed Mar 18 16:29:27 CET 2020
Hi Gunnar, We're indeed also working on Client Certificate authentication (we have tested it, and now it's pending a security review). However, to make use of this, a user must: - Generate an X.509 certificate - Extract the certificate as text and create a key-cert object from it - Associate the key-cert with a maintainer in an auth: attribute - Configure the Whois client to send the client certificate when connecting to the REST API (or Syncupdates). This is not trivial to do, and we can see that although signed updates are supported in Whois, it has low usage. It is still worthwhile to support this, as the credential (secret) is only stored locally on the client. Hopefully API keys will be more "user friendly" and can be used in preference to MD5 hashed passwords. Regards Ed Shryane RIPE NCC > On 18 Mar 2020, at 09:45, Gunnar Gušvaršarson <gunnar.gudvardarson at advania.is> wrote: > > Hey,I think that if we get x509 client certificate authentication for the API working, it might even be easier. > All the UI to add certs and auth them on mntners is already there, the web services just need endpoints that request and use client provided certs. > https://github.com/RIPE-NCC/whois/issues/534 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2636 bytes Desc: not available URL: </ripe/mail/archives/db-wg/attachments/20200318/e90ee2db/attachment.p7s>
- Previous message (by thread): [db-wg] API keys for database maintenance
- Next message (by thread): [db-wg] API keys for database maintenance
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]