[ppml] Policy Proposal: Documentation of the Mail-From Authentication Method
Member Services
info at arin.net
Tue Nov 21 16:15:21 EST 2006
- Previous message: [ppml] Policy Proposal: Reinstatement of PGP Authentication Method
- Next message: [ppml] Policy Proposal: Documentation of the X.509 Authentication Method
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 2 November 2006 the ARIN Advisory Council (AC) reviewed Documentation of the Mail-From Authentication Method and did not accept it at this time as a formal policy proposal. The AC will work with the author to revise the text prior to taking further action. The proposal text is below and can be found at: http://www.arin.net/policy/proposals/submission_archive.html The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html Regards, Member Services American Registry for Internet Numbers (ARIN) Member Services wrote: > ARIN received the following policy proposal. In accordance with the ARIN > Internet Resource Policy Evaluation Process, the proposal is being > posted to the ARIN Public Policy Mailing List (PPML) and being placed on > ARIN's website. > > The ARIN Advisory Council (AC) will review this proposal and may decide to: > > 1. Accept the proposal as a formal policy proposal as it is presented; > 2. Work with the author to: > a) clarify the language or intent of the proposal; > b) divide the proposal into two (2) or more proposals; or > c) combine the proposal with other proposals; or, 3. Not accept the > proposal as a formal policy proposal. > > This proposal was received within 10 days of the next scheduled meeting > of the ARIN Advisory Council; the review period may be extended to the > regularly scheduled meeting that occurs after the upcoming meeting. > > If the AC accepts the proposal or reaches an agreement with the author, > then the proposal will be posted as a formal policy proposal to PPML and > it will be presented at a Public Policy Meeting. If the AC does not > accept the proposal or can not reach an agreement with the author, then > the AC will notify the community of their decision with an explanation; > at that time the author may elect to use the petition process to advance > their proposal. If the author elects not to petition or the petition > fails, then the proposal will be considered closed. > > The ARIN Internet Resource Policy Evaluation Process can be found at: > http://www.arin.net/policy/irpep.html > > Mailing list subscription information can be found at: > http://www.arin.net/mailing_lists/index.html > > Regards, > > Member Services > American Registry for Internet Numbers (ARIN) > > > ## * ## > > > Policy Proposal Name: Documentation of the Mail-From Authentication Method > > Authors: > Paul Vixie > Mark Kosters > Chris Morrow > Jared Mauch > Bill Woodcock > > Proposal Version: 1 > > Submission Date: Tuesday, October 24, 2006 > > Proposal type: New > > Policy term: Permanent > > Policy statement: > > DELETION FROM THE NRPM > > 3.5.1 Mail-From > This section intentionally left blank. > > ADDITION TO THE NRPM > > 3.5.1 Mail-From > Mail-From is the default authentication method by which > registration records are protected from vandalism. If a > registrant fails to designate a more secure method, any > subsequent email which bears the sender address of an > authorized Point of Contact may be deemed authentic with > regard to the registrant's records. Since it is trivial > to forge a sender address, Mail-From should not be > regarded as secure. Use of Mail-From authentication is > not recommended to any registrant who has the means to > implement either of the more secure cryptographic > authentication methods. > Rationale: > > This policy complements the previously-proposed "Reinstatement of > PGP Authentication Method" which introduces section 3.5 to the > NRPM. Section 3.5 relates the existence of three authentication > methods. Two of those, mail-from and X.509, were preexisting but > not documented within the NRPM. > > This policy proposal simply seeks to provide brief documentation > of the existence of the mail-from authentication method. Because > the specific wording of the documentation may be subject to > debate, and is in no way interdependent upon the documentation of > the other two methods, it is being proposed in a separate policy, > so that consensus may be more easily reached. > > Timetable for implementation: Immediate > > _______________________________________________ > PPML mailing list > PPML at arin.net > http://lists.arin.net/mailman/listinfo/ppml >
- Previous message: [ppml] Policy Proposal: Reinstatement of PGP Authentication Method
- Next message: [ppml] Policy Proposal: Documentation of the X.509 Authentication Method
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the PPML mailing list