[ppml] Policy Proposal 2007-1 - Staff Assessment

Fergie fergdawg at netzero.net
Sat Apr 14 01:49:46 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Randy Bush <randy at psg.com> wrote:

>Bill Woodcock wrote:
>> On Fri, 13 Apr 2007, Randy Bush wrote:
>>> transitive pgp has no way of expressing what authorization is being
>>> transferred.
>> Correct.  No authorization is transferred.  Authorization is a matter of
>>  ARIN hostmaster decisions about POCs.  PGP and X.509 are simply ways of
>>  authenticating the sender as one of the POCs.  If a POC wishes to 
>> _transfer_ or modify authorization, there are existing practices and 
>> procedures in place whereby the hostmaster and the POC make that change.
>>   This policy in no way modifies or impacts those existing processes.
>
>bingo.  the procedure must be that all keys used to authorize
>transactions must be registered with arin and tied to the contract,
>period.
>
>under no circumstances should arin trust a message signed by a key not
>registered with arin through some business process.
>
>and the keys that are registered to act could be completely disjoint in
>signature chains.  the pgp web of trust is and must be completely
>irrelevant.

Sorry for jumping into the middle of the discussion, but just a
question in response to something Bill said w.r.t. x.509 -- this
is an issue that continues to crop up on several fronts, yet there
seems to be no real x.509 solution in sight.

Granted: I understand that this is why the discussion is lending
itself in the favor of PGP (which I highly endorse, by the way),
but the whole x.509 seems to nothing more than a barrier these day,
c'est nes pas?

Just trying to separate reality from... pipe dream here.

Thanks,

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.0 (Build 214)

wj8DBQFGIGs6q1pz9mNUZTMRAi+NAJ4mmhxzOisC4KERyq7keDKET67+FACgnCul
WQOgq7BH/DG9Xj56ayOqalA=
=xoCR
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




More information about the ARIN-PPML mailing list