[ppml] Policy Proposal 2007-1 - Last Call
Ed.Lewis at neustar.biz
Thu Apr 26 11:27:15 EDT 2007
I thought I understood Randy's objection, but after a re-read I don't
think I do. Still, I believe that any chain relying on non-ARIN
(approved) trusted introductions is a bad idea.
Let's say I get someone to sign a key for me with an identity of Owen
DeLong. If ARIN accepts that someone as a trusted introducer, then
how can ARIN distinguish between templates submitted by me signed
with my Owen key and templates Owen genuinely submits?
Authorization policy is undermined by weakness in the authentication method.
By ARIN-approved, I mean either ARIN-only or some set of other
established Internet organizations (like AfriNIC, IETF, etc.), or
even some set of ARIN members that have a good track record in being
trusted to introduce. The latter to me is a bit of a stretch.
At 4:15 -0700 4/26/07, Owen DeLong wrote:
>It was pretty clear that the trust chain is being used for AUTHENTICATION
>only. The AUTHORIZATION part comes from being a listed POC.
>On Apr 26, 2007, at 4:05 AM, Randy Bush wrote:
>> if the trust chain is allowed at all, this proposal should die immediately.
>> just because i signed that i believe that the holder of the private key for
>> pgp id 0x8972C7C1 is the human we know as paul vixie does not mean i give
>> him one iota of authority over my data or any other relationship with arin.
>> This message sent to you through the ARIN Public Policy Mailing List
>> (PPML at arin.net).
>> Manage your mailing list subscription at:
Edward Lewis +1-571-434-5468
Sarcasm doesn't scale.
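
The distinction argued in this thread, as an added example that is not part of any poster's message or of ARIN's process: authentication checks who certified a key/identity binding, and authorization checks the POC list. The names, fingerprints and introducer labels are constructed placeholders, and certifications are modelled as plain records, with no real OpenPGP signature verification.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Certification:
    introducer: str   # who signed the binding
    fingerprint: str  # key being vouched for
    uid: str          # identity the introducer says owns that key

# Constructed sample data: two different keys both claim the uid "Alice Example".
GENUINE_FPR, IMPOSTOR_FPR, OTHER_FPR = "FPR-GENUINE", "FPR-IMPOSTOR", "FPR-OTHER"
CERTS = [
    Certification("registry-introducer", GENUINE_FPR, "Alice Example"),
    Certification("unvetted-introducer", IMPOSTOR_FPR, "Alice Example"),
    Certification("registry-introducer", OTHER_FPR, "Bob Example"),
]
# Authorization data: the POCs listed for each resource record (hypothetical name).
POCS = {"NET-EXAMPLE-1": {"Alice Example"}}

def authenticate(fingerprint, uid, certs, approved):
    """Return uid only if an approved introducer certified this key/uid binding."""
    for c in certs:
        if (c.fingerprint, c.uid) == (fingerprint, uid) and c.introducer in approved:
            return uid
    return None

def authorize(uid, resource, pocs):
    """Authentication alone grants nothing; the uid must be a listed POC."""
    return uid is not None and uid in pocs.get(resource, set())

def accept_template(fingerprint, uid, resource, approved):
    """Accept a template only if the key authenticates and the uid is a POC."""
    return authorize(authenticate(fingerprint, uid, CERTS, approved), resource, POCS)

ANY_INTRODUCER = {c.introducer for c in CERTS}  # every chain is trusted
APPROVED_ONLY = {"registry-introducer"}         # registry-approved introducers only

if __name__ == "__main__":
    keys = ((GENUINE_FPR, "Alice Example"), (IMPOSTOR_FPR, "Alice Example"),
            (OTHER_FPR, "Bob Example"))
    for label, approved in (("any", ANY_INTRODUCER), ("approved", APPROVED_ONLY)):
        for fpr, uid in keys:
            print(label, fpr, uid, accept_template(fpr, uid, "NET-EXAMPLE-1", approved))
```

With every introducer trusted, the registry cannot tell the two "Alice Example" keys apart; restricting the introducer set rejects the second key, and a correctly authenticated non-POC is refused in both cases.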