Policy Proposal: Documentation of the Mail-From Authentication Method

Member Services info at arin.net
Tue Nov 21 16:15:21 EST 2006 

On 2 November 2006 the ARIN Advisory Council (AC) reviewed Documentation 
of the Mail-From Authentication Method and did not accept it at this 
time as a formal policy proposal. The AC will work with the author to 
revise the text prior to taking further action.

The proposal text is below and can be found at:
http://www.arin.net/policy/proposals/submission_archive.html

The ARIN Internet Resource Policy Evaluation Process can be found at:
http://www.arin.net/policy/irpep.html

Regards,

Member Services
American Registry for Internet Numbers (ARIN)


Member Services wrote:
> ARIN received the following policy proposal. In accordance with the ARIN
> Internet Resource Policy Evaluation Process, the proposal is being
> posted to the ARIN Public Policy Mailing List (PPML) and being placed on
> ARIN's website.
> 
> The ARIN Advisory Council (AC) will review this proposal and may decide to:
> 
> 1. Accept the proposal as a formal policy proposal as it is presented;
> 2. Work with the author to:
>      a) clarify the language or intent of the proposal;
>      b) divide the proposal into two (2) or more proposals; or
>      c) combine the proposal with other proposals; or, 3. Not accept the
> proposal as a formal policy proposal.
> 
> This proposal was received within 10 days of the next scheduled meeting
> of the ARIN Advisory Council; the review period may be extended to the
> regularly scheduled meeting that occurs after the upcoming meeting.
> 
> If the AC accepts the proposal or reaches an agreement with the author,
> then the proposal will be posted as a formal policy proposal to PPML and
> it will be presented at a Public Policy Meeting. If the AC does not
> accept the proposal or can not reach an agreement with the author, then
> the AC will notify the community of their decision with an explanation;
> at that time the author may elect to use the petition process to advance
> their proposal. If the author elects not to petition or the petition
> fails, then the proposal will be considered closed.
> 
> The ARIN Internet Resource Policy Evaluation Process can be found at:
> http://www.arin.net/policy/irpep.html
> 
> Mailing list subscription information can be found at:
> http://www.arin.net/mailing_lists/index.html
> 
> Regards,
> 
> Member Services
> American Registry for Internet Numbers (ARIN)
> 
> 
> ## * ##
> 
> 
> Policy Proposal Name: Documentation of the Mail-From Authentication Method
> 
> Authors:
> Paul Vixie
> Mark Kosters
> Chris Morrow
> Jared Mauch
> Bill Woodcock
> 
> Proposal Version: 1
> 
> Submission Date: Tuesday, October 24, 2006
> 
> Proposal type: New
> 
> Policy term: Permanent
> 
> Policy statement:
> 
>        DELETION FROM THE NRPM
> 
>           3.5.1 Mail-From
>                 This section intentionally left blank.
> 
>        ADDITION TO THE NRPM
> 
>           3.5.1 Mail-From
>                 Mail-From is the default authentication method by which
>                 registration records are protected from vandalism. If a
>                 registrant fails to designate a more secure method, any
>                 subsequent email which bears the sender address of an
>                 authorized Point of Contact may be deemed authentic with
>                 regard to the registrant's records. Since it is trivial
>                 to forge a sender address, Mail-From should not be
>                 regarded as secure. Use of Mail-From authentication is
>                 not recommended to any registrant who has the means to
>                 implement either of the more secure cryptographic
>                 authentication methods.
> Rationale:
> 
>        This policy complements the previously-proposed "Reinstatement of
>        PGP Authentication Method" which introduces section 3.5 to the
>        NRPM. Section 3.5 relates the existence of three authentication
>        methods. Two of those, mail-from and X.509, were preexisting but
>        not documented within the NRPM.
> 
>        This policy proposal simply seeks to provide brief documentation
>        of the existence of the mail-from authentication method. Because
>        the specific wording of the documentation may be subject to
>        debate, and is in no way interdependent upon the documentation of
>        the other two methods, it is being proposed in a separate policy,
>        so that consensus may be more easily reached.
> 
> Timetable for implementation: Immediate
> 
> _______________________________________________
> PPML mailing list
> PPML at arin.net
> http://lists.arin.net/mailman/listinfo/ppml
>

More information about the Info mailing list