This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] Authentication Proposal for RIPE NCC Access
- Previous message (by thread): [ncc-services-wg] Authentication Proposal for RIPE NCC Access
- Next message (by thread): [ncc-services-wg] Authentication Proposal for RIPE NCC Access
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alex Band
alexb at ripe.net
Thu Dec 5 10:11:09 CET 2013
Hi Peter, On 4 Dec 2013, at 14:54, Peter Koch <pk at DENIC.DE> wrote: > On Wed, Dec 04, 2013 at 12:57:26PM +0100, Alex Band wrote: > >> Most importantly, the functionality does not actually offer any additional security. > > could you please elaborate on this assessment? The way this system is implemented, an LIR Portal user with admin rights can issue X.509 certificates to users. However, they cannot be forced to use it. Also, a passphrase is optional, meaning that itβs not really two-factor. The result is β as some have pointed out in this thread β that the feature is often used for convenience (i.e. not having to enter a password) rather than offering enhanced security. >> This is something that is provided by true two-factor authentication. > > Sure, _true_ two-factor authentication. > > I'd assume that since it's only .7%, the X.509 users (of which I am not one) are > or have already been targetted directly? No not yet. We first wanted to gauge how the Community feels about the current RIPE NCC Access authentication options and get feedback from both X.509 certificate users and those that don't have them to see if this is functionality we should continue to offer, or whether we should replace it with something better. Depending on the outcome, we would contact all users with a certificate, letting them know what the plan is. I should add that I have already been contacted offline by several users who indicated that they would be fine with seeing it go, especially if it's replaced it with a better solution. Cheers, Alex
- Previous message (by thread): [ncc-services-wg] Authentication Proposal for RIPE NCC Access
- Next message (by thread): [ncc-services-wg] Authentication Proposal for RIPE NCC Access
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]