[ppml] Policy Proposal 2007-1 - Staff Assessment

Randy Bush randy at psg.com
Sat Apr 14 01:37:30 EDT 2007


Bill Woodcock wrote:
> On Fri, 13 Apr 2007, Randy Bush wrote:
>> transitive pgp has no way of expressing what authorization is being
>> transferred.
> Correct.  No authorization is transferred.  Authorization is a matter of 
> ARIN hostmaster decisions about POCs.  PGP and X.509 are simply ways of 
> authenticating the sender as one of the POCs.  If a POC wishes to 
> _transfer_ or modify authorization, there are existing practices and 
> procedures in place whereby the hostmaster and the POC make that change.  
> This policy in no way modifies or impacts those existing processes.

bingo.  the procedure must be that all keys used to authorize
transactions must be registered with arin and tied to the contract,
period.

under no circumstances should arin trust a message signed by a key not
registered with arin through some business process.

and the keys that are registered to act could be completely disjoint in
signature chains.  the pgp web of trust is and must be completely
irrelevant.

randy
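
The registration rule argued for in the message above, as an added example that is not part of the original post and not ARIN's own tooling. The registry layout, POC handles, org IDs, fingerprints and the `active` flag are constructed assumptions, and the signature is assumed to have been cryptographically verified upstream.

```python
"""Authorize a signed request only by keys registered out of band."""
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Registration:
    poc: str             # POC handle (constructed)
    org: str             # org / contract the key is tied to (constructed)
    active: bool = True  # assumption: the business process can deactivate a key

# Constructed sample registry: full v4 OpenPGP fingerprint -> registration.
# An entry exists only because a business process put it here.
REGISTRY = {
    "A" * 40: Registration(poc="POC1-EXAMPLE", org="ORG-A"),
    "B" * 40: Registration(poc="POC2-EXAMPLE", org="ORG-B"),
    "C" * 40: Registration(poc="POC3-EXAMPLE", org="ORG-A", active=False),
}

@dataclass(frozen=True)
class VerifiedRequest:
    signer_fpr: str           # fingerprint reported by signature verification
    target_org: str           # org whose records the request would modify
    certified_by: tuple = ()  # web-of-trust certifications on the signer key

def normalize_fpr(fpr):
    """Return a 40-hex-digit fingerprint, or None for short key IDs and junk."""
    cleaned = re.sub(r"[\s:]", "", fpr).upper()
    if cleaned.startswith("0X"):
        cleaned = cleaned[2:]
    return cleaned if re.fullmatch(r"[0-9A-F]{40}", cleaned) else None

def authorize(req, registry=REGISTRY):
    """Decide on registration alone; req.certified_by is deliberately never read."""
    fpr = normalize_fpr(req.signer_fpr)
    if fpr is None:
        return (False, "not a full fingerprint")
    reg = registry.get(fpr)
    if reg is None:
        return (False, "key not registered")
    if not reg.active:
        return (False, "registration inactive")
    if reg.org != req.target_org:
        return (False, "key not tied to this org")
    return (True, reg.poc)
```

A key that a registered POC has certified but that was never registered itself is rejected, which is the point: authentication of the sender and authorization to act are separate lookups.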


