[ppml] Policy Proposal 2007-1 - Staff Assessment
Randy Bush
randy at psg.com
Fri Apr 13 14:27:59 EDT 2007
> 4. In the section "KEY USE IN COMMUNICATION", the proposal requires
> validation of "a chain of trust not longer than five steps" between the
> signing key and ARIN's hostmaster role key, without regard to whether
> such intermediary signers are ARIN POCs, or are even known to ARIN.
> Without direct binding of the PGP key to an ARIN POC record, such
> anonymity in the chain of trust raises serious questions about how ARIN
> staff will know and evaluate that an e-mail from a signer is
> authentically from the ARIN POC that the sender claims to be.

this is critical!

> 5. A PGP-key for hostmaster at arin.net exists on pgp.mit.edu as well
> as other well-known PGP-key repositories. This key was set up during
> the early days of ARIN, and the passphrase for the key is, as of this
> writing, MIA. This prevents ARIN from using the key to sign anything,
> and furthermore prevents ARIN from removing the key from the key
> repositories mentioned above. Although ARIN could proceed by generating
> a new PGP-key, we would need to use a limited distribution mechanism
> that excludes well-known servers, since more than one key for the same
> e-mail address cannot exist in the key servers.

i believe that last assertion to be incorrect

randy