Hi Ed, WG,

[speaking as myself, not co-chair]

In general I like this. I'll let others discuss their very valid points, but I want to bring up another.

In the "Notification of RIPE Database changes" emails, I'd love to see an identifier of who and how made the change. Their user account if it's an SSO, a marker that says "MD5" if it's a hashed password, the PGP key id if it's signed, etc, etc. And in the future, an identifier for which API key or any type of auth so we can internally identify who made the change.

Of course, these identifiers would need to be visible to the admins of a mntner object.

IMHO, this would help admins be able to trace which keys are actively in use and be able to fix their internal processes.

I'm looking at a notify email that was sent to us 8 minutes ago, and it does identify the IP address, but not which auth method was used.

-peter

On 2024 Sep 18 (Wed) at 17:39:14 +0200 (+0200), Edward Shryane wrote:
:Dear colleagues,
:
:At RIPE 88 during the DB-WG session, I mentioned the need to replace MD5 hashed passwords that are used for authenticating updates in the RIPE Database. Now I’d like to present an impact analysis of doing this, what the alternatives are, and a draft migration plan.
:
:Please let me know your feedback. I plan to finalise the contents and present at RIPE 89 next month.
:
:Regards
:Ed Shryane
:RIPE NCC