This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] Enforce 2FA for RIPE NCC Access account
- Previous message (by thread): [ncc-services-wg] Enforce 2FA for RIPE NCC Access account
- Next message (by thread): [ncc-services-wg] Enforce 2FA for RIPE NCC Access account
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
denis walker
ripedenis at gmail.com
Thu Jan 4 19:55:49 CET 2024
Colleagues I almost get tired of saying it, but the RIPE Database is based on a 25+ year old design and technology. Nothing related to the security of your data in the database should be public. Some time ago we filtered the password encrypted string and SSO name. I don't need to know ANY details of your security. Do you use passwords or SSO or PGP or X.509. How many passwords you have. How many SSO accounts are linked. The MNTNER object should not be public!!! The whole security module of the RIPE Database should be redesigned, even if we do nothing else. We currently have an LIR portal, only for people/organisations who are resource holders. But the RIPE Database is a combined number and routing registry. There are people who manage routing data who may not be resource holders. The LIR portal should become an RIR portal. Anyone who maintains data in the RIPE Database should have an account. ALL security arrangements should be managed through the portal account. This needs a completely redesigned security model. Notifications are a form of audit trail. This should be built into a new security model and taken out of the public database, or at least hidden from public view. I don't need to know anything about how you audit changes to your data. It can also be managed through your portal account. EVERY time I raise the subject of the RIPE Database design or technology, EVERY one of you completely blanks the subject. When a service at the core of internet operations is built on a 25+ year old design and technology, why are you surprised it has vulnerabilities The RIPE community's complete refusal to even engage in any conversation about the RIPE Database design and technology and how it secures data is so unprofessional. I know I will be heavily criticised for saying that, but you need to be hit with a dose of reality. It is time for some of you to wake up and smell the coffee. Of course it will cost the RIPE NCC membership money to redesign (part of) the RIPE Database. But how much will it cost you not to do it? Drop this community wide obsession with ignoring this topic and at least discuss the basic question, "Is it time to discuss redesigning (parts of) the RIPE Database?". cheers denis co-chair DB-WG On Thu, 4 Jan 2024 at 17:44, Daniel Suchy via ncc-services-wg <ncc-services-wg at ripe.net> wrote: > > Hi, > > On 1/4/24 16:58, Gert Doering wrote: > > Provide visibility, and enforce 2FA for all accounts hat have "interesting" > > permissions (modify RPKI objects, transfer resources), at least. > > from this perspective, even maintainers (linked not only to SSO > accounts; [1]) accounts are interesting asset. At least those linked to > route/route6 and as-set objects. Deleting them can also cause a lot of > operational damage, as filters are processed automatically according to > IRR data at many places. > > And the maintainers are tied directly to all objects, there's no link > back to the LIR portal. > > It's not only about RPKI-related objects. The problem is more complex > from this point of view. Only the unwanted ROA modification pointed to > it, but the same issue can occur with other kind of objects id DB. > > Transfers are better protected I think, as there's always some manual > intervention (and legal authorization). > > - Daniel > > [1] > https://apps.db.ripe.net/docs/Authorisation/Using-the-Authorisation-Methods/ > > -- > > To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://mailman.ripe.net/
- Previous message (by thread): [ncc-services-wg] Enforce 2FA for RIPE NCC Access account
- Next message (by thread): [ncc-services-wg] Enforce 2FA for RIPE NCC Access account
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]