[ppml] Policy Proposal 2007-1 - Last Call
woody at pch.net
Thu Apr 26 14:03:25 EDT 2007
Ed: Ask yourself what it is that ARIN knows that uniquely identifies a POC. There may be many "Owen Delongs" in the world, but only one of them controls the owen at delong.com email account, and that's the identifier ARIN uses. No other, because nothing else that ARIN knows about is necessarily unique.
Thus, in order to successfully spoof Owen's identity, you would need:
1) A private key identifying you as Owen Delong
2) A sufficiently convincing set of paths between the hostmaster key and your key to not arouse the suspicion of the hostmaster
3) The ability to intercept mail to owen at delong.com
4) The ability to prevent Owen himself from seeing the handshake email
5) The ability to keep Owen from suspecting that he's not receiving some of his mail
Of course the coincidence of all of those conditions is possible, as this is a world of infinite possibility. But that's not interesting. What's interesting is that:
1) It's better than mail-from
2) It's good enough for the rest of the world
3) It passed unanimously.
We don't live in a theoretically perfect world. Denying ourselves the basic tools which make the rest of the world a better place, merely because we're unhappy that we can't somehow magically leap-frog into a perfect world, doesn't buy us anything.
Please excuse the brevity of this message; I typed it on my pager. I could be more loquacious, but then I'd crash my car.
From: Edward Lewis <Ed.Lewis at neustar.biz>
Date: Thu, 26 Apr 2007 11:27:15
To:Owen DeLong <owen at delong.com>
Cc:Randy Bush <randy at psg.com>, ppml at arin.net
Subject: Re: [ppml] Policy Proposal 2007-1 - Last Call
I thought I understood Randy's objection, but after a re-read I don't
think I do. Still, I believe that any chain relying on non-ARIN
(approved) trusted introductions is a bad idea.
Let's say I get someone to sign a key for me with an identity of Owen
DeLong. If ARIN accepts that someone as a trusted introducer, then
how can ARIN distinguish between templates submitted by me signed
with my Owen key and templates Owen genuinely submits?
Authorization policy is undermined by weakness in the authentication method.
By ARIN-approved, I mean either ARIN-only or some set of other
established Internet organizations (like AfriNIC, IETF, etc.), or
even some set of ARIN members that have a good track record in being
trusted to introduce. The latter to me is a bit of a stretch.
At 4:15 -0700 4/26/07, Owen DeLong wrote:
>Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-9--437058209;
>It was pretty clear that the trust chain is being used for AUTHENTICATION
>only. The AUTHORIZATION part comes from being a listed POC.
>On Apr 26, 2007, at 4:05 AM, Randy Bush wrote:
>> if the trust chain is allowed at all, this proposal should die immediately.
>> just because i signed that i believe that the holder of the private key for
>> pgp id 0x8972C7C1 is the human we know as paul vixie does not mean i give
>> him one iota of authority over my data or any other relationship with arin.
>> This message sent to you through the ARIN Public Policy Mailing List
>> (PPML at arin.net).
>> Manage your mailing list subscription at:
>Attachment converted: Macintosh HD:smime 297.p7s ( / ) (00309FB4)
>This message sent to you through the ARIN Public Policy Mailing List
>(PPML at arin.net).
>Manage your mailing list subscription at:
Edward Lewis +1-571-434-5468
Sarcasm doesn't scale.
This message sent to you through the ARIN Public Policy Mailing List
(PPML at arin.net).
Manage your mailing list subscription at:
More information about the ARIN-PPML