[ARIN-consult] Consultation on API Key Handling
William Herrin
bill at herrin.us
Thu Aug 8 18:58:17 EDT 2024
On Thu, Aug 8, 2024 at 8:20 AM ARIN <info at arin.net> wrote:
> We are seeking community input on the priority for updating the methods for the handling of API keys in ARIN’s RESTful provisioning system.
In my opinion...
Unless ARIN intends to release and maintain high-quality client
software libraries in each of the top 20 programming languages, it
should avoid security designs more complex than sharing a plain-text
secret within an HTTPS session. The client implementation for a
complex security scheme is pretty much always challenging and the
documentation is never good enough to get things to match byte for
byte as the security scheme tends to require.
Regards,
Bill Herrin
--
William Herrin
bill at herrin.us
https://bill.herrin.us/
More information about the ARIN-consult
mailing list