ARIN-PPML Message

[ppml] Policy Proposal 2007-1: Reinstatement of PGP Authentication Method

On 15 February 2007 the ARIN Advisory Council (AC) concluded its review
of 'Reinstatement of PGP Authentication Method' and accepted it as a
formal policy proposal for discussion by the community.

The proposal is designated Policy Proposal 2007-1: Reinstatement of PGP
Authentication Method. The proposal text is below and can be found at:
http://www.arin.net/policy/proposals/2007_1.html

All persons in the community are encouraged to discuss Policy Proposal
2007-1 prior to it being presented at the ARIN Public Policy Meeting in
San Juan, Puerto Rico, 23-24 April 2007. Both the discussion on the
Public Policy Mailing List and at the Public Policy Meeting will be used
to determine the community consensus regarding this policy proposal.

The ARIN Internet Resource Policy Evaluation Process can be found at:
http://www.arin.net/policy/irpep.html

ARIN's Policy Proposal Archive can be found at:
http://www.arin.net/policy/proposals/proposal_archive.html

Regards,

Member Services
American Registry for Internet Numbers (ARIN)


## * ##


Policy Proposal 2007-1: Reinstatement of PGP Authentication Method

Authors:
Paul Vixie,
Mark Kosters,
Chris Morrow,
Jared Mauch,
Bill Woodcock

Proposal type: New

Policy term: Permanent

Policy statement:

ADDITION TO NRPM

12 Authentication Methods

12.1 Mail-From
This section intentionally left blank.

12.2 PGP
ARIN accepts PGP-signed email as authentic communication from authorized
Points of Contact. POCs may denote their records "crypt-auth,"
subsequent to which unsigned communications shall not be deemed
authentic with regard to those records.

12.3 X.509
This section intentionally left blank.

UPDATES TO TEMPLATES

ARIN shall update templates as necessary to identify and distinguish
between mail-from, PGP, and X.509 authentication methods.

UPDATES TO DOCUMENTATION

ARIN shall update documentation as appropriate to explain the
differences between mail-from, PGP, and X.509 authentication methods.

KEY USE IN COMMUNICATION:

ARIN shall accept PGP-signed communications, validate that a chain of
trust not longer than five steps exists between the signing key and the
ARIN hostmaster role key, compare the signing key to the identity of the
authorized POCs for records referenced in the correspondence, and act
appropriately based upon the validity or invalidity of the signature.

ARIN shall PGP-sign all outgoing hostmaster email with the hostmaster
role key, and staff members may optionally also sign mail with their own
individual keys.

ARIN shall accept PGP-encrypted communications which are encrypted using
ARIN's hostmaster public key.

ARIN shall not encrypt any outgoing communications except at the prior
request of the recipient.

Rationale:

Globally, PGP is the most commonly used cryptographic authentication
method between RIRs and resource recipients who wish to protect their
resource registration records against unauthorized modification. The
PGP-auth authentication method is supported by RIPE, APNIC, and AfriNIC,
LACNIC supports an equivalent mechanism, and PGP was historically
supported by the InterNIC prior to ARIN's formation. By contrast,
current ARIN resource recipients have only two options: "mail-from,"
which is trivially spoofed and should not be relied upon to protect
important database objects, and X.509, which involves a rigorous and
lengthy proof-of-identity process and compels use of a compatible MUA, a
combination which has dissuaded essentially all of ARIN's constituents.
Additionally, X.509's centralized failure mode is technically and
ideologically repugnant to some members of the community, who should not
be forced to choose between two evils.

There isn't a lot of work to do here, and certainly nothing tricky. PGP
is simple code, which was supported by the InterNIC, and which the other
RIRs deployed without a second thought or complaint. If RIPE and APNIC
have always done this, the InterNIC did it before ARIN was formed, and
LACNIC and AfriNIC took the need for cryptographic security for granted
as a part of their startup process, we see no reason why ARIN should be
the only RIR to not offer this most basic of protections to its members.

We need to get PGP support reinstated, so that our records can be
protected against hijacking and vandalism, and so we won't look like
idiots as the only one of the five regions that can't figure this stuff out.

Timetable for implementation: Immediate