[ppml] 2007-1, was Re: mail auth proposals

Leo Bicknell bicknell at ufp.org
Thu Apr 12 21:28:54 EDT 2007


In a message written on Thu, Apr 12, 2007 at 12:58:50AM -0700, william(at)elan.net wrote:
> Perhaps the issue is that its unclear what the goals are for deploying
> this email authentication. There can actually be two gaols:
>   1. To verify that email address sent to ARIN really came from listed
>      email address
>   2. To verify that the person sending the email and using email address
>      is really who he says he is

Actually, I don't think either of those are the goal.

3. To make it more difficult for a bad actor to supply fraudulent data to 
   ARIN that appears authentic.

Having a dead bolt on the door keeps out someone who might walk in
if there was no lock, but won't keep out someone willing to break
down the door.  I think those for PGP would like to see a dead bolt
installed.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20070412/20479eef/attachment-0001.sig>


More information about the ARIN-PPML mailing list