[arin-ppml] Policy Proposal: Whois Integrity Policy Proposal

Wed Aug 20 14:47:44 EDT 2008

First, a brief rebuttal on a disagreement to one of my prior points.
On Tue, Aug 19, 2008 at 6:59 PM, Leo Bicknell <bicknell at ufp.org> wrote:

Bob requests a digital certificate from ARIN for the companies role account.
>   (http://www.arin.net/CA/)  Bob places it in a lockbox at work.

Great idea.  I think most would agree that widespread use of digital
certificates would enhance whois integrity.

Bad news, though -- an RSA isn't required to use the already existing
digital certificate mechanism described at the URL you pointed out.  I just
registered mine, in fact.  Thanks.

Therefore, my previous points about the non-necessity of an RSA for whois
integrity stand firm.

but having no contract is unacceptable to me.

There we go.  This is the real elephant in the room, isn't it.

I originally entered this conversation, perhaps naively, actually expecting
the debate to be about the proposal's stated purpose. It's clearly not.  In
fact, I haven't once heard even speculation that it's an actual problem.
No hard numbers of fraud occurrences, no damage figures, not even any
guesses. So it would seem that, as posed, this proposal is either a solution
in search of a problem, or a trojan horse for RSA mandating.

So, on the matter of this proposal, since legacy contract assimilation is
clearly separate from, and unnecessary for, improving whois integrity, I
would conclude confidently that this particular proposal cannot be seen as
having merit in any rational context and must be rejected.

That said, it does seem to me that some proposal, *perhaps one as simple as
requiring use of the existing digital certificate facilities*, to improve
whois integrity would probably have noteworthy merit.  I do see a new
proposal on the list regarding whois authentication.  It seems to depend on
this one, so I believe it's moot.

Please notice that I am not, in this thread, arguing for nor against legacy
RSA assimilation, nor am I making any points about the merits of the current
LRSA itself.  I probably will at some point, but not here.  It's obviously a
topic that requires debate (and is receiving it, even if potentially
off-topic in this thread).

It should receive that debate.  But please, I would ask you all, do not
dishonor this community by attempting to accomplish whichever goals you have
on that issue through dubious, meritless, or disingenuine attachment to
unrelated, more simply solvable, or otherwise conflated issues.  It should
stand alone as the question it deserves to be -- even if some people might
not like the consensus that emerges when it's asked straight up.

My "no" recommendation on this proposal remains firm.  None of the benefits
sought are achieved by the mechanism proposed.

$0.02,
Eric
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20080820/3b47fba8/attachment.htm>