[ppml] the "other" policy proposals

Martin Hannigan martin.hannigan at batelnet.bs
Mon Apr 9 00:00:21 EDT 2007


> 
> http://www.arin.net/policy/proposals/2007_1.html
> http://www.arin.net/policy/proposals/2007_2.html
> http://www.arin.net/policy/proposals/2007_3.html
> 
> For as much as is on the surface, but against if the
> method appears in WhoIs.

I already said "for" to these policies, but I lost a thought
in the ensuing argument. I wish to rescind my "for", for
now.

Shouldnt the discussion be around "why not both" vs. why pgp
is better than certificates.

In my experience, pgp or certs are not "free". When they
are, they generally
have restrictions on commercial use. Many organizations
already have
policy around authentication and encryption and making them
choose between
either seems like forcing a choice of "use" or "not use" the
new method 
that this policy seeks to create. Creating this policy
around pgp also
seems like it may be ineffective since we would be creating
something
for a smaller subset of users. X.509, if anything, has
widespread 
acceptance, much wider than PGP - at least commercially.
Since we
are talking commercial use case, that would mean that the
records are
corporate records and that they require the use, in most
cases, of
properly licensed applications. Still, minor nits in the
grand
scheme of things. The primary purpose to accept this policy
would
be widespread use. I do not see that as a reality in the
existing
policy.  Assuming that there is no knob to turn this
functionality 
on, sometimes, nothing can be better if the something is
barely
used or created for a relatively small subset and requires
significant 
effort. 

Offering both would make it a more widely usable service.

Why not both? Yes, I read the rationale. Why are certs good
enough for
eTrade, eBay, Fidelity, and others, but not ARIN?

I think the section related to staff should also be removed.
That seems like a customer service issue and not a policy
issue.
If certs are the most widely used auth method for emailing
the
staff, then the staff should choose how to operate the
business.

Best,

-M<





More information about the ARIN-PPML mailing list