ARIN-PPML Message

[ppml] Policy Proposal: Documentation of the Mail-From Authentication Method

    1. Policy Proposal Name: Documentation of the Mail-From  
Authentication Method

    2. Authors:

          1. name: Paul Vixie
          2. email: paul at vix.com
          3. telephone: +1 650 423 1300
          4. organization: Internet Systems Consortium

          1. name: Mark Kosters
          2. email: markk at verisignlabs.com
          3. telephone: +1 703 948 3200
          4. organization: Verisign

          1. name: Chris Morrow
          2. email: christopher.morrow at verizonbusiness.com
          3. telephone: +1 703 886 3823
          4. organization: Verizon Business/UUnet

          1. name: Jared Mauch
          2. email: jmauch at us.ntt.net
          3. telephone: +1 214 915 1356
          4. organization: NTT/Verio

          1. name: Bill Woodcock
          2. email: woody at pch.net
          3. telephone: +1 415 831 3100
          4. organization: Packet Clearing House

    3. Proposal Version: 1

    4. Submission Date: Tuesday, October 24, 2006

    5. Proposal type: New

    6. Policy term: Permanent

    7. Policy statement:

       DELETION FROM THE NRPM

          3.5.1 Mail-From
                This section intentionally left blank.

       ADDITION TO THE NRPM

          3.5.1 Mail-From
                Mail-From is the default authentication method by which
                registration records are protected from vandalism. If a
                registrant fails to designate a more secure method, any
                subsequent email which bears the sender address of an
                authorized Point of Contact may be deemed authentic with
                regard to the registrant's records. Since it is trivial
                to forge a sender address, Mail-From should not be
                regarded as secure. Use of Mail-From authentication is
                not recommended to any registrant who has the means to
                implement either of the more secure cryptographic
                authentication methods.
		
    8. Rationale:

       This policy complements the previously-proposed "Reinstatement of
       PGP Authentication Method" which introduces section 3.5 to the
       NRPM. Section 3.5 relates the existence of three authentication
       methods. Two of those, mail-from and X.509, were preexisting but
       not documented within the NRPM.

       This policy proposal simply seeks to provide brief documentation
       of the existence of the mail-from authentication method. Because
       the specific wording of the documentation may be subject to
       debate, and is in no way interdependent upon the documentation of
       the other two methods, it is being proposed in a separate policy,
       so that consensus may be more easily reached.

    9. Timetable for implementation: Immediate

   10. Meeting presenter: Bill Woodcock

END OF TEMPLATE

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.arin.net/pipermail/arin-ppml/attachments/20061024/05f4ec1b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://lists.arin.net/pipermail/arin-ppml/attachments/20061024/05f4ec1b/attachment.bin>