<div dir="ltr">First, a brief rebuttal on a disagreement to one of my prior points.<div class="Ih2E3d"><br>On Tue, Aug 19, 2008 at 6:59 PM, Leo Bicknell <span dir="ltr"><<a href="mailto:bicknell@ufp.org" target="_blank">bicknell@ufp.org</a>></span> wrote:<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Bob requests a digital certificate from ARIN for the companies role account.<br>
(<a href="http://www.arin.net/CA/" target="_blank">http://www.arin.net/CA/</a>) Bob places it in a lockbox at work.</blockquote><br></div>Great idea. I think most would agree that widespread use of digital certificates would enhance whois integrity.<br>
<br>Bad news, though -- an RSA isn't required to use the already existing digital
certificate mechanism described at the URL you pointed out. I just registered mine, in fact. Thanks.<br><br>Therefore, my previous points about the non-necessity of an RSA for whois integrity stand firm.<br>
<br><div class="Ih2E3d"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
but having no contract is unacceptable to me.</blockquote></div><br>There we go. This
is the real elephant in the room, isn't it.<br><br>I
originally entered this
conversation, perhaps naively, actually
expecting the debate to be about the proposal's stated purpose. It's
clearly not. In fact, I haven't once heard even speculation that it's
an actual problem. No hard numbers of fraud occurrences, no damage
figures, not even any guesses. So it would seem that, as posed, this
proposal is either a solution in search of a problem, or a trojan horse
for RSA mandating.<br>
<br>So, on the matter of this proposal, since legacy contract assimilation is clearly separate from, and unnecessary for,
improving whois integrity, I would conclude confidently that this particular proposal cannot be seen
as having merit in any rational context and must be rejected.<br>
<br>That said, it does seem to me that some proposal, <i>perhaps one as simple as requiring use
of the existing digital certificate facilities</i>,
to improve whois
integrity would probably have noteworthy merit. I do see a new
proposal on the list regarding whois authentication. It seems to
depend on this one, so I believe it's moot.<br>
<br>Please notice that I am not, in this thread, arguing for nor
against legacy RSA assimilation, nor am I making any points about the
merits of the current LRSA itself. I probably will at some point, but
not here. It's obviously a topic that requires debate (and is
receiving it, even if potentially off-topic in this thread).<br>
<br>It should receive that debate. But please, I would ask you all, do
not dishonor this community by attempting to accomplish whichever goals
you have on that issue through dubious, meritless, or disingenuine
attachment to unrelated, more simply solvable, or otherwise conflated
issues. It should stand alone as the question it deserves to be --
even if some people might not like the consensus that emerges when it's
asked straight up.<br>
<br>My "no" recommendation on this proposal remains firm. None of the benefits sought are achieved by the
mechanism proposed.<br>
<br>$0.02,<br>Eric</div>