[ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Previous message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Next message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Måns Nilsson KTHNOC
mansaxel at sunet.se
Fri Feb 27 11:22:37 CET 2004
--On Wednesday, February 25, 2004 18:03:04 +0100 Shane Kerr <shane at ripe.net> wrote: > Any technology for securing e-mail restricts client choice. Among the > e-mail clients that members use, there is superior "out of the box" > support for X.509 than PGP. I say this based on the research that we did > in response to concerns about S/MIME compatibility. Please elaborate, because I have a hard time to find an email client not supporting an ASCII-armored PGP message, but there are tons of them frowning on x.509 attachments. Some of us actually do the equivalent of: $EDITOR ripe-template.txt gpg --clearsign ripe-template.txt | /bin/mail <somebody at ripe.net> for our RIPE communications. > As others have noted, we can support both X.509 and PGP. We can also > support *only* PGP, although I think because of #2, above, this is not a > good solution. I would argue that it is the other way around; given the forced choice of "only one" the broadest support exists for PGP. > Although the basic question of "do we need this at all" still seems open > to me. In some ways, security is like insurance: it is only a problem if > you don't have it after you should have. > > Ignoring the "PGP versus X.509" question, does the membership want us to > support signed e-mail at all? What about encrypted e-mail? Given the mess an evil person can do by creatively adjusting records in the routing database, I suggest that RIRen must actively promote the use of technologies that protect our infrastructure; thus, signing should be more or less mandatory, and encryption should be available for secure out-of-band communications -- this then more human-to-human, to solve strange issues, send sensitive data, and so forth. rgds, -- Måns Nilsson Systems Specialist +46 70 681 7204 KTHNOC MN1334-RIPE -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available URL: <https://lists.ripe.net/ripe/mail/archives/ncc-services-wg/attachments/20040227/d3f70db0/attachment.sig>
- Previous message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Next message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]