[ppml] 2007-1, was Re: mail auth proposals

[Bill Woodcock]

      On Tue, 10 Apr 2007, william(at)elan.net wrote:
    > I think ARIN should accept maximum 2-step PGP chain...

I think I can guess that the authors would all be fine with that.  I 
certainly would be.  I don't think anyone's attached to the number five, 
and I think most of us aren't positive we need to specify a number in the 
policy.

    > ...but have special system where ARIN will
    > sign key for any contact it previously authenticated...

Well, the idea was that ARIN hostmasters would do key-signings at ARIN 
meetings, and participate in key-signings at other meetings, but we felt 
that it was too prescriptive to get into that level of detail in the 
policy.

We don't feel that ARIN should apply something other than the 
normally-accepted PGP authentication process (check government-issued 
photo ID in the physical presence of the other person, and hear their key 
fingerprint from them directly).  There's a right way to do it, and ARIN 
shouldn't break an established practice.

    > Last part is completely unnecessary, staff members should feel free to 
    > use PGP no matter if policy states it or not.

That would be nice, but unfortunately we didn't agree that it was 
unnecessary to say it.  :-/

                                -Bill