[ppml] the "other" policy proposals
michael.dillon at bt.com
michael.dillon at bt.com
Mon Apr 9 16:39:30 EDT 2007
> 2) "PGP is hard / costly to implement." PGP is available completely
> for free even for commercial use, one instance is at
> http://www.gnupg.org/.
Another is http://www.gpg4win.org/ GPG for Windows which includes a
plugin for Outlook 2003 (GPCol) amongst other things.
> I don't believe ARIN can implement this feature for free, however
> I do believe that it should be relatively inexpensive and easy
> for ARIN to implement.
Also cheap and easy for those who wish to communicate with ARIN
securely.
> We need to REMOVE Mail-From entirely. It is not secure. I suspect
> there is already some abuse going on, and as we move to IPv4
> exhaustion
> it will only get worse. The sooner we start the better.
Mail-From can be secured in operation even though the protocol on its
own is not secure. For instance, ARIN could communicate through another
channel, i.e. telephone or email to a different address, to confirm
MAIL-FROM changes. They could check the source address of the SMTP
transaction. And so on.
--Michael Dillon
More information about the ARIN-PPML
mailing list