[arin-discuss] Template-based email as a third registry access method
ram at robertmarder.com
Wed Apr 4 12:26:38 EDT 2012
I would also add to that things like DKIM/DomainKeys which is in fairly
common use and can/is used to verify that an email came from a given
place. If ARIN combined this with the From: verification ARIN already
supports, then even if someone intercepted your API key, they wouldn't
be able to do anything with it via email unless they can send email from
your email server, too.
On 04.04.2012 11:17, Dmitry Kohmanyuk wrote:
> On Apr 4, 2012, at 6:46 PM, Alec Ginsberg wrote:
>> eMail is sent clear textŠ
> Not true. TLS (SSL) for SMTP was in use for many years. See
> http://www.ietf.org/rfc/rfc3207.txt (published 2002).
> Look at Received: headers of several messages in your INBOX --
> chances are that most of them were encrypted all the way (including
> initial submission on port 587.
> Your client also can (and should) use TLS when fetching responses
> IMAP protocol. Thus, no cleartext in data path.
> ARIN MAY even enforce use of TLS on smtp server used for secure email
> template submission (I would not suggest
> making this change for all email sent to ARIN, of course -- and even
> for email templates it better be a secondary server.
> -- dk@
>> Web Services can require SSL encrypted payloads.
> SMTP services, likewise. Example, for Exim server:
> You are receiving this message because you are subscribed to
> the ARIN Discussion Mailing List (ARIN-discuss at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> Please contact info at arin.net if you experience any issues.
More information about the ARIN-discuss