[ppml] Policy Proposal 2007-1 - Staff Assessment

Bill Woodcock woody at pch.net
Sun Apr 15 22:41:31 EDT 2007


      On Sun, 15 Apr 2007 michael.dillon at bt.com wrote:
    > If I understand this argument correctly, it centers on how many steps in
    > the chain should be allowed when deciding to accept a PGP key as
    > authentication of the person submitting some type of transaction.

Correct.

    > If authorization is established out-of-band through some other 
    > business process (letter, phone call, etc.)...

...which it is, using the current process, which this proposal in no 
way seeks to change...

    > ...then more steps in the chain are acceptable and Bill's policy 
    > language is fine as it is. The purpose for a limit of 5 steps is 
    > just to keep things reasonably under control. The PGP key will only 
    > be used to authenticate transactions as originating from a certain 
    > individual who is already in ARIN's db as an authorized individual.
   
Correct.

    > The authorization then happens once per indivudual, and the
    > authentication happens on every single transaction.

Correct.

    > Therefore, there really is no argument between Bill and Randy, just 
    > a misunderstanding of assumptions.

Ah, would that all parties took that to heart; then we would live in a 
better world indeed.

                                -Bill




More information about the ARIN-PPML mailing list