[arin-discuss] certificate policy

Alan Batie noc at peak.org
Fri Oct 17 18:04:00 EDT 2008


The new web interface may make this moot, but having just gone through a
round of updates reminded me that the ARIN x509 certificate policy is
problematic.  Specifically, if you want to use certificates, A. you have
to use one signed by their certificate authority, and B. you can't use
it for anything else.

The combination makes it pretty unworkable for anyone who actually uses
certificates in email unless you create a separate email address that is
only used for ARIN communications, as at least Thunderbird only
associates one certificate with an address (or worse: per mail account).

Is there really any good reason not to be able to register certificates
from the standard CA's that everyone else already trusts?



More information about the ARIN-discuss mailing list