[ca-tf] Next steps & Write-up of the CA-TF kick-off meeting
Leo Vegoda leo.vegoda at icann.org
Thu Mar 1 05:34:24 CET 2007
On Feb 28, 2007, at 7:49 PM, Vasily Dolmatov wrote: [...] > In brief: There is no way to _ensure_ that certificate was taken by > proper > person. > There is crucial difference between "Leo Vegoda with valid passport > in hand" > and "someone who connected to the Portal using two text strings, > which some > time ago were sent by e-mail to someone who wrote he was Leo Vegoda". > So, certificate generated in the first case can legally represent > Leo Vegoda > (provided another lot of conditions were met), certificate > generated in the > second case can represent _nothing_ and _noone_. It will be issued and > transferred to _unknown_person_ who happened to posess knowlegde of > pair of > text strings in given moment of time. No claims concerning > following actions > using this certificate can be considered either legally or logically. In the past I have been told that the RIRs do not intend to certify identity, only control of the resources. The analogy I was given was that of a bearer bond: if you hold the bond you can cash it in. [...] > As I can see now, when struggling with threats > - that someone can claim that some operations with resources > which were > assigned to him were performed without his knowledge and against > his will > and he consider RIPE NCC legally responsible for the consequencies and > possible losses Isn't this already covered by article 7 of the RIPE NCC's Standard Terms & Conditions? > - that someone can decline responsibility for some evil operations > which > were performed from IP-space assigned to him I'm sure they can always do that, anyway. Isn't it up to the court system to determine facts in an "evil operations" case? > - that there will be resources which assigned to someone with whom > there is > no possibility to communicate by RIPE NCC So the certificate is never issued or expired? I don't understand how this is a threat. Can you expand on it? I don't understand how the threats you have described are likely to stop the RIPE NCC offering a service where the holder of a certificate (whoever that is) controls the resource. And more importantly, I don't see why not certifying identity should stop the RIPE NCC offering a service that allows the certificate holder to assure other people that they can authorise the use of the resources and the transfer of the resources. Regards, -- Leo Vegoda IANA Numbers Liaison
[ Ca-tf Archive ]
