[ppml] mail auth proposals, was Re: the "other"...

[Edward Lewis]

Referring to:

  http://www.arin.net/policy/proposals/2007_1.html
  http://www.arin.net/policy/proposals/2007_2.html
  http://www.arin.net/policy/proposals/2007_3.html

At 8:37 -0700 4/9/07, Bill Woodcock wrote:

>I think that's one of the benefits of PGP: no direct relationship is
>needed between ARIN and the POC.  If the POC has a key, and the key has
>been signed within a certain number of steps, you're good to go.  The
>X.509 implementation required that the POC and ARIN enter into a
>heavy-weight contractual relationship.  I think the numbers speak for
>themselves, on the success of that experiment.

I'm asking about "that experiment" - is that just a turn of a phrase 
or was something run?

Last time I asked about the adoption of X.509 within ARIN the answer 
was "not very much, maybe a handful."  But I thought that ARIN has 
it's own CA service.

My impression of PGP is that "it's okay between friends" and my 
professional experience with it was limited to the days that a 
long-ago employer (I think the name at the time was Network 
Associates or McAfee) bought the technology from Phil Zimmerman and 
found that it wasn't commercially viable despite having a workable 
product.

I am not trying to raise a debate over the technology, I mean to give 
my impressions as the view of someone in the audience.  I am looking 
to fill in the background on the policy proposals and the "need 
for"/"viability of" them.

(And debating whether email templates should be used at all is out of 
scope in the discussion of the proposals at hand.)

Did ARIN (staff) also do a PGP option?
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Sarcasm doesn't scale.