[ppml] Policy Proposal: Documentation of the Mail-From Authentication Method
Member Services
info at arin.net
Wed Oct 25 09:34:48 EDT 2006
ARIN received the following policy proposal. In accordance with the ARIN
Internet Resource Policy Evaluation Process, the proposal is being
posted to the ARIN Public Policy Mailing List (PPML) and being placed on
ARIN's website.
The ARIN Advisory Council (AC) will review this proposal and may decide to:
1. Accept the proposal as a formal policy proposal as it is presented;
2. Work with the author to:
a) clarify the language or intent of the proposal;
b) divide the proposal into two (2) or more proposals; or
c) combine the proposal with other proposals; or, 3. Not accept the
proposal as a formal policy proposal.
This proposal was received within 10 days of the next scheduled meeting
of the ARIN Advisory Council; the review period may be extended to the
regularly scheduled meeting that occurs after the upcoming meeting.
If the AC accepts the proposal or reaches an agreement with the author,
then the proposal will be posted as a formal policy proposal to PPML and
it will be presented at a Public Policy Meeting. If the AC does not
accept the proposal or can not reach an agreement with the author, then
the AC will notify the community of their decision with an explanation;
at that time the author may elect to use the petition process to advance
their proposal. If the author elects not to petition or the petition
fails, then the proposal will be considered closed.
The ARIN Internet Resource Policy Evaluation Process can be found at:
http://www.arin.net/policy/irpep.html
Mailing list subscription information can be found at:
http://www.arin.net/mailing_lists/index.html
Regards,
Member Services
American Registry for Internet Numbers (ARIN)
## * ##
Policy Proposal Name: Documentation of the Mail-From Authentication Method
Authors:
Paul Vixie
Mark Kosters
Chris Morrow
Jared Mauch
Bill Woodcock
Proposal Version: 1
Submission Date: Tuesday, October 24, 2006
Proposal type: New
Policy term: Permanent
Policy statement:
DELETION FROM THE NRPM
3.5.1 Mail-From
This section intentionally left blank.
ADDITION TO THE NRPM
3.5.1 Mail-From
Mail-From is the default authentication method by which
registration records are protected from vandalism. If a
registrant fails to designate a more secure method, any
subsequent email which bears the sender address of an
authorized Point of Contact may be deemed authentic with
regard to the registrant's records. Since it is trivial
to forge a sender address, Mail-From should not be
regarded as secure. Use of Mail-From authentication is
not recommended to any registrant who has the means to
implement either of the more secure cryptographic
authentication methods.
Rationale:
This policy complements the previously-proposed "Reinstatement of
PGP Authentication Method" which introduces section 3.5 to the
NRPM. Section 3.5 relates the existence of three authentication
methods. Two of those, mail-from and X.509, were preexisting but
not documented within the NRPM.
This policy proposal simply seeks to provide brief documentation
of the existence of the mail-from authentication method. Because
the specific wording of the documentation may be subject to
debate, and is in no way interdependent upon the documentation of
the other two methods, it is being proposed in a separate policy,
so that consensus may be more easily reached.
Timetable for implementation: Immediate
More information about the ARIN-PPML
mailing list