[ppml] Policy Proposal 2007-1 - Staff Assessment

michael.dillon at bt.com
Sun Apr 15 18:11:05 EDT 2007


> What would be _better_ is a convergence of a sane cert policy and
> a reasonable PKIX infrastructure -- many other things could work
> from this (e.g. IRR policy frobs, DNSSEC, SIDR, and even SAVA), but
> I'm aware this is not the right forum for those discussions.
> 
> My point is this: an effort should be made to use an extensible
> certificate/certification/validation architecture which can also
> be extended for other technical mechanisms in the plumbing.
> 
> If you go down the path of least resistance (a la PGP), then you've
> pretty much cornered yourselves into a semi- non-extensible mechanism
> that is pretty much "limited" w.r.t. how it could be used in a
> larger scheme.

I would think ARIN should be looking into Simple PKI
http://world.std.com/~cme/html/spki.html rather than the full-blown PKI
infrastructure stuff. But ultimately it depends on what the users want,
and that ultimately depends on what tools they use. If someone produced
a SWIP/Rwhois management tool that could talk to a variety of database
backends and then built your Rwhois db (or submitted required SWIPs),
and if it was widely adopted, then the crypto/auth stuff used by such a
tool is what ARIN would implement. But currently, there is a real
mish-mash of homegrown systems and/or commercial systems that have the
archaic ARIN SWIP protocol baked into them somewhere. Even PGP may not
be that easy for folks to adopt without painful system surgery.

--Michael Dillon 


