[ppml] Policy Proposal 2007-1 - Staff Assessment
Bill Woodcock
woody at pch.net
Sun Apr 15 22:41:31 EDT 2007
On Sun, 15 Apr 2007 michael.dillon at bt.com wrote:
> If I understand this argument correctly, it centers on how many steps in
> the chain should be allowed when deciding to accept a PGP key as
> authentication of the person submitting some type of transaction.
Correct.
> If authorization is established out-of-band through some other
> business process (letter, phone call, etc.)...
...which it is, using the current process, which this proposal in no
way seeks to change...
> ...then more steps in the chain are acceptable and Bill's policy
> language is fine as it is. The purpose for a limit of 5 steps is
> just to keep things reasonably under control. The PGP key will only
> be used to authenticate transactions as originating from a certain
> individual who is already in ARIN's db as an authorized individual.
Correct.
> The authorization then happens once per indivudual, and the
> authentication happens on every single transaction.
Correct.
> Therefore, there really is no argument between Bill and Randy, just
> a misunderstanding of assumptions.
Ah, would that all parties took that to heart; then we would live in a
better world indeed.
-Bill
More information about the ARIN-PPML
mailing list