[ppml] mail auth proposals, was Re: the "other"...
Bill Woodcock
woody at pch.net
Mon Apr 9 12:44:06 EDT 2007
On Mon, 9 Apr 2007, Edward Lewis wrote:
> > The X.509 implementation required that the POC and ARIN enter into
> > a heavy-weight contractual relationship. I think the numbers
> > speak for themselves, on the success of that experiment.
>
> I'm asking about "that experiment" - is that just a turn of a phrase or
> was something run?
By "experiment" I was referring ot ARIN's X.509 CA.
> Last time I asked about the adoption of X.509 within ARIN the answer was
> "not very much, maybe a handful."
Correct. Which, if you think about the number of members ARIN has,
wouldn't seem to me to be a marked success in real-world terms, no matter
that staff provided exactly what they were asked to, and presumably with
technical success.
> My impression of PGP is that "it's okay between friends"
I think the point is that it's okay between friends-of-friends, and
somewhat farther. Whereas X.509 is okay between people who trust a
common CA.
It's sort of six-of-one, half-dozen-of-the-other, except that PGP is
what's implemented successfuly elsewhere, it's what most or many of us
already have implemented, and X.509 has demonstrably not solved the
problem.
Thus, I'd like to see us at least try what's been proven to work
everywhere else.
-Bill
More information about the ARIN-PPML
mailing list