Re: [sig-policy] prop-037-v001: Deprecation of email updates for APNIC R
Hi Randy,
You are quite right - the paragraph, and indeed the entire the
proposal, requires a lot of thought.
When I was drafting the proposal I focused on the aspects of
improving the overall processes for all members such that we
see improvements in:
o the speed of updates
o the value of feedback (success/failure)
o reducing the reliance on intermediate systems and processes
(such as SMTP and its behaviours)
o reducing the prerequisite knowledge needed to use the
APNIC registry
and of course
o meeting the security needs of a registry function
One of my concerns was that adding security features to email to
match the necessary security levels might actually add layers of
complexity for the registrant.
When I wrote that paragraph I had two things in mind,
"how much work would any member need to do to send an update to
APNIC?" and "what level of infrastructure would be required to
adequately support that service?".
The scenarios I worked through suggested conclusions where APNIC
could be at risk of adding to the members' work effort and possibly
increasing APNIC's support costs by implementing such security
mechanisms in email.
Cheers
Terry
On 07/08/2006, at 6:16 PM, Randy Bush wrote:
The mechanisms for securing the contents of an email and
validating
the identity of the author of the update are weak by modern
standards. Although there are ways of improving the use of email
for
secure transactions, these are not considered sufficiently
scaleable.
i believe this paragraph needs considerable justification before
this proposal can be justified, particularly as it proposes to
make things significantly more difficult for the smallest and
most poorly connected registrants, who would otherwise seem, at
leat to me, to be deserving of our going the extra kilometer to
support.
--
Terry Manderson email: terry at apnic dot net
Snr Systems & Network Architect, APNIC sip: info at voip dot apnic dot net
http://www.apnic.net phone: +61 7 3858 3100