[ppml] the "other" policy proposals
martin.hannigan at batelnet.bs
Mon Apr 9 00:00:21 EDT 2007
> For as much as is on the surface, but against if the
> method appears in WhoIs.
I already said "for" to these policies, but I lost a thought
in the ensuing argument. I wish to rescind my "for", for
Shouldnt the discussion be around "why not both" vs. why pgp
is better than certificates.
In my experience, pgp or certs are not "free". When they
are, they generally
have restrictions on commercial use. Many organizations
policy around authentication and encryption and making them
either seems like forcing a choice of "use" or "not use" the
that this policy seeks to create. Creating this policy
around pgp also
seems like it may be ineffective since we would be creating
for a smaller subset of users. X.509, if anything, has
acceptance, much wider than PGP - at least commercially.
are talking commercial use case, that would mean that the
corporate records and that they require the use, in most
properly licensed applications. Still, minor nits in the
scheme of things. The primary purpose to accept this policy
be widespread use. I do not see that as a reality in the
policy. Assuming that there is no knob to turn this
on, sometimes, nothing can be better if the something is
used or created for a relatively small subset and requires
Offering both would make it a more widely usable service.
Why not both? Yes, I read the rationale. Why are certs good
eTrade, eBay, Fidelity, and others, but not ARIN?
I think the section related to staff should also be removed.
That seems like a customer service issue and not a policy
If certs are the most widely used auth method for emailing
staff, then the staff should choose how to operate the
More information about the ARIN-PPML