[ppml] Policy Proposal 2007-1 - Staff Assessment
Bill Woodcock
woody at pch.net
Sat Apr 14 01:28:50 EDT 2007
On Fri, 13 Apr 2007, Stephen Sprunk wrote:
> If bob at foo.com signs a key for john at bar.com, ARIN could
> legitimately consider mail from john at bar.com to be authentic if ARIN trusts
> bob at foo.com. Still, ARIN would only allow john at bar.com to update FooCorp's
> records if he was a POC for FooCorp.
Yes, that is correct. The proposal neither says nor intends anything more
than that.
> I happen to think five steps is excessive, and would like that revised
> lower, but by itself that's not enough reason for me to be against this
> proposal.
None of us have any stake in the number. As I said before, I think all of
us would be just as happy with 2 as 5. 1 is too short, and 6 is
definitely too long. But somewhere between 2 and 5 would seem to be a
reasonable window.
> Counsel's reasonable concerns about liability may require
> us to eliminate the chain of trust entirely.
With all due respect to my colleague Mr. Ryan, the alternative is
mail-from. I think that needs to be kept in mind, when one speaks of
relative liability.
> I know for a fact it's incorrect; the same thing happened to me years ago
> and the keyserver network now has several different keys for me (only one of
> which I still possess).
>
> Still, I'd expect that the keyserver operators would cooperate with removing
> ARIN's old key if contacted by non-electronic means.
Yes, I believe both of these to be true, and pertinent.
-Bill