[ppml] 2007-1, was Re: mail auth proposals
william(at)elan.net
william at elan.net
Tue Apr 10 16:55:46 EDT 2007
On Tue, 10 Apr 2007, Edward Lewis wrote:

> http://www.arin.net/policy/proposals/2007_1.html
>
> At 6:40 -1000 4/10/07, Randy Bush wrote:
>
>>> ARIN shall accept PGP-signed communications, validate that a
>>> chain of trust not longer than five steps exists between the
>>> signing key and the ARIN host master role key...
>>
>> this is not wise. with pgp, i would not trust anything more than
>> one hop from the key on file with the contract. pgp is not x.509.
>
> I want to add a "I noticed this too and disagree" with the quip
> highlighted by Randy. It was in the back of my mind when
> "questioning" PGP but I didn't think to include it explicitly.
>
> Meaning - X.509 is clear; ARIN can fix/cement the certs so that it is
> both the issuer and the relying party hence put "trust" into the
> binding of the key to the POC and the message (via signature) to the
> POC. With PGP you have to either be willing to trust "introducers"
> or else restrict our trust to only those with whom you directly
> signed their keys.
>
> X.509 and PGP both can bind a key to an entity but their trust
> architecture is different. X.509 is hierarchical, PGP is not.
> Neither is better than the other, neither is worse than the other,
> but they are different. I am for ARIN making PGP available only if
> it is implemented in a way that ARIN has "control" of the trust
> arrangement as far as they "control" anything else. (By that I mean,
> via example - ARIN can delegate DNS to someone and has a policy for
> lame delegations. If that someone then delegates elsewhere, it is
> beyond ARIN's control and the lame delegation policy doesn't cover
> that.)

I don't quite understand how you connected PGP authorization policy
with lame-delegations. As far as PGP I have a comment.
Current policy text states that:

 "ARIN shall accept PGP-signed communications, validate that a chain of
 trust not longer than five steps exists between the signing key and
 the ARIN hostmaster role key"

I believe that is too long and opens for security holes when ARIN does
not know for sure if it can trust persons in between. I think ARIN
should accept maximum 2-step PGP chain but have special system where
ARIN will sign key for any contact it previously authenticated by
either PGP or S/MIME (maybe use different key for that if person is
not authenticated in person).

Also text says

 "ARIN shall PGP-sign all outgoing hostmaster email with the hostmaster
 role key, and staff members may optionally also sign mail with their
 own individual keys."

Last part is completely unnecessary, staff members should feel free to
use PGP no matter if policy states it or not.

--
William Leibzon
Elan Networks
william at elan.net
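
The chain-length limits debated in this thread (five steps in the proposal text, two or one in the replies), as an added example that is not part of the original message or of any ARIN system. It models key certifications as a directed graph and finds the shortest chain from the role key to a signing key; the key names and the graph are constructed for illustration.

```python
from collections import deque

# Constructed sample data: signer key -> keys it has certified.
# Key names are illustrative placeholders, not real key IDs.
CERTIFICATIONS = {
    "ARIN-HOSTMASTER": {"POC-A", "POC-B"},
    "POC-A": {"POC-C", "ARIN-HOSTMASTER"},  # cross-signature forms a cycle
    "POC-B": set(),
    "POC-C": {"POC-D"},
    "POC-D": {"POC-E"},
    "POC-E": {"POC-F"},
}

def shortest_chain(certs, root, target, max_steps):
    """Return the shortest certification chain root -> target as a list of
    keys, or None if no chain of at most max_steps signatures exists."""
    if root == target:
        return [root]
    seen = {root}
    queue = deque([[root]])
    while queue:  # breadth-first, so the first hit is the shortest chain
        path = queue.popleft()
        if len(path) - 1 >= max_steps:  # this path already used the budget
            continue
        for signed in sorted(certs.get(path[-1], ())):
            if signed in seen:  # skip cycles and longer duplicate routes
                continue
            if signed == target:
                return path + [signed]
            seen.add(signed)
            queue.append(path + [signed])
    return None

def accepted(certs, root, signing_key, max_steps):
    """True if signing_key is within max_steps signatures of root."""
    return shortest_chain(certs, root, signing_key, max_steps) is not None

if __name__ == "__main__":
    # Compare the five-step limit with the two-step and one-hop suggestions.
    for limit in (5, 2, 1):
        for key in ("POC-A", "POC-C", "POC-F"):
            chain = shortest_chain(CERTIFICATIONS, "ARIN-HOSTMASTER", key, limit)
            print(limit, key, " -> ".join(chain) if chain else "rejected")
```

With a limit of five, POC-F is accepted through four intermediate keys that the role key never certified directly; with a limit of two or one, those intermediaries no longer extend trust.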