[ppml] Policy Proposal: Documentation of the Mail-From Authentication Method
Bill Woodcock
woody at pch.net
Tue Oct 24 17:38:33 EDT 2006
1. Policy Proposal Name: Documentation of the Mail-From
Authentication Method
2. Authors:
1. name: Paul Vixie
2. email: paul at vix.com
3. telephone: +1 650 423 1300
4. organization: Internet Systems Consortium
1. name: Mark Kosters
2. email: markk at verisignlabs.com
3. telephone: +1 703 948 3200
4. organization: Verisign
1. name: Chris Morrow
2. email: christopher.morrow at verizonbusiness.com
3. telephone: +1 703 886 3823
4. organization: Verizon Business/UUnet
1. name: Jared Mauch
2. email: jmauch at us.ntt.net
3. telephone: +1 214 915 1356
4. organization: NTT/Verio
1. name: Bill Woodcock
2. email: woody at pch.net
3. telephone: +1 415 831 3100
4. organization: Packet Clearing House
3. Proposal Version: 1
4. Submission Date: Tuesday, October 24, 2006
5. Proposal type: New
6. Policy term: Permanent
7. Policy statement:
DELETION FROM THE NRPM
3.5.1 Mail-From
This section intentionally left blank.
ADDITION TO THE NRPM
3.5.1 Mail-From
Mail-From is the default authentication method by which
registration records are protected from vandalism. If a
registrant fails to designate a more secure method, any
subsequent email which bears the sender address of an
authorized Point of Contact may be deemed authentic with
regard to the registrant's records. Since it is trivial
to forge a sender address, Mail-From should not be
regarded as secure. Use of Mail-From authentication is
not recommended to any registrant who has the means to
implement either of the more secure cryptographic
authentication methods.
8. Rationale:
This policy complements the previously-proposed "Reinstatement of
PGP Authentication Method" which introduces section 3.5 to the
NRPM. Section 3.5 relates the existence of three authentication
methods. Two of those, mail-from and X.509, were preexisting but
not documented within the NRPM.
This policy proposal simply seeks to provide brief documentation
of the existence of the mail-from authentication method. Because
the specific wording of the documentation may be subject to
debate, and is in no way interdependent upon the documentation of
the other two methods, it is being proposed in a separate policy,
so that consensus may be more easily reached.
9. Timetable for implementation: Immediate
10. Meeting presenter: Bill Woodcock
END OF TEMPLATE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20061024/05f4ec1b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20061024/05f4ec1b/attachment.sig>
More information about the ARIN-PPML
mailing list