[ppml] Policy Proposal 2007-1 - Last Call
woody at pch.net
Thu Apr 26 14:56:16 EDT 2007
The number 5 _was_ in the proposal, but both that and the phrase "crypt-auth" were deemed unnecessary by staff, and the authors and AC agreed, so they won't be part of the final policy.
Another issue that came up subsequent to the last published version of the proposal: Sandy Murphy brought up the issue of replay attacks (A swips to B, B somehow gets a copy of the signed message from A to ARIN, A unswips from B, B replays A's signed SWIP, re-taking the resource). Vixie pointed out that this is trivially addressed by maintaining a cache of hashes of already-accepted messages and implementing a full handshake or even human hostmaster intervention upon seeing the same hash a second time, and staff are now aware that a cache of that nature will need to be part of the implementation.
I would point out that this is the public POLICY mailing list, and that the details of crypto implementation, should ARIN staff not just adopt wholesale one of the preexisting implementations, are probably best discussed with staff, rather than on this mailing list.
Please excuse the brevity of this message; I typed it on my pager. I could be more loquacious, but then I'd crash my car.
From: Edward Lewis <Ed.Lewis at neustar.biz>
Date: Thu, 26 Apr 2007 14:26:33
To:"Stephen Sprunk" <stephen at sprunk.org>
Cc:ARIN PPML <ppml at arin.net>, Edward Lewis <Ed.Lewis at neustar.biz>
Subject: Re: [ppml] Policy Proposal 2007-1 - Last Call
At 11:56 -0500 4/26/07, Stephen Sprunk wrote:
>All valid objections, and ones that counsel noted, but one must remember that
>MAIL-FROM authentication means that today anyone can send in an email
>template with Owen's From: address and it'll be considered "authentic". While
>I agree there's potential for fraud with PGP, pulling it off in practice is
>more difficult than what we have today and the proposal should not be rejected
>solely on those grounds.
I have been reviewing the proposals as much as possible individually,
meaning I try not to compare the merits of one versus the other. I
haven't been trying to compare PGP to mail-from, but there is no
doubt that any approach to security using PGP is better than relying
on mail-from. I just haven't considered settling for a "step up" as
the goal - not to argue, but to let you know my frame of reference.
>I do urge the AC to reduce the number of steps in the chain before moving this
>proposal forward. Five seems to be way too many; I'd be happiest with one,
>but I'd accept two or three.
Being that I am not a fan of PGP (I am not against it, but do not use
it after my experience working with it about 8 years ago at a company
that bought the rights to it from Zimmerman and then ditched the
product before selling a copy), I would like to hear, from the
proposal authors perhaps, why the number 5 is in the policy proposal.
(When I say I am not a fan, take that as I am not someone who has
full and accurate knowledge of the technology and isn't about to set
down my other duties to go and study up on it. I am not against PGP,
maybe I just don't understand some fine point.)
BTW, I am sympathetic to Dillon's belief that this is too detailed
for PPML, but, it is in the proposal and there really is no other
venue to cover this within the ARIN umbrella of discussion fora.
When I read the policy proposal 2007-1, my vision of five steps was
from Pat Blow's keys signed by Menynty Encyunse in Elbonia, signed by
the mythical $mail-troll, signed by someone that has legacy space but
managed to have PGP keys signed by ARIN.
Perhaps the vision of the authors would be more along the lines of
"IP-admin-role-of-Bill's-Bait-n-Sushi-ISP" signed by
"Bill's-Bait-n-Sushi-ISP" signed by ARIN.
In the latter case, I can see a multi-step $word-of-trust being used,
but not in the former case.
Edward Lewis +1-571-434-5468
Sarcasm doesn't scale.
This message sent to you through the ARIN Public Policy Mailing List
(PPML at arin.net).
Manage your mailing list subscription at:
More information about the ARIN-PPML