[ppml] 2007-1, was Re: mail auth proposals
michael.dillon at bt.com
michael.dillon at bt.com
Tue Apr 10 19:19:32 EDT 2007
> I believe that is too long and opens for security holes when ARIN does
> not know for sure if it can trust persons in between. I think
> ARIN should
> accept maximum 2-step PGP chain but have special system where
> ARIN will
> sign key for any contact it previously authenticated by either PGP or
> S/MIME (maybe use different key for that if person is not
> authenticated
> in person).
I don't think it's too long and I don't think it's too short. I don't
think that 5 steps is right either and I don't think that details like
this belong in policy.
I do think that ARIN should consult a recognized security expert for
advice on this. Someone with the stature of Steve Bellovin or Bruce
Schneier for instance or someone who has credentials from IETF
security-related working groups.
99% or more of the people on this list, including me, are not qualified
to give expert opinions on this even if we have implemented security
systems in the past.
--Michael Dillon
More information about the ARIN-PPML
mailing list