Hi Randy, You are quite right - the paragraph, and indeed the entire the proposal, requires a lot of thought. When I was drafting the proposal I focused on the aspects of improving the overall processes for all members such that we see improvements in: o the speed of updates o the value of feedback (success/failure) o reducing the reliance on intermediate systems and processes (such as SMTP and its behaviours) o reducing the prerequisite knowledge needed to use the APNIC registry and of course o meeting the security needs of a registry function One of my concerns was that adding security features to email to match the necessary security levels might actually add layers of complexity for the registrant. When I wrote that paragraph I had two things in mind, "how much work would any member need to do to send an update to APNIC?" and "what level of infrastructure would be required to adequately support that service?". The scenarios I worked through suggested conclusions where APNIC could be at risk of adding to the members' work effort and possibly increasing APNIC's support costs by implementing such security mechanisms in email. Cheers Terry On 07/08/2006, at 6:16 PM, Randy Bush wrote:
The mechanisms for securing the contents of an email and validatingthe identity of the author of the update are weak by modernstandards. Although there are ways of improving the use of email forsecure transactions, these are not considered sufficiently scaleable.i believe this paragraph needs considerable justification before this proposal can be justified, particularly as it proposes to make things significantly more difficult for the smallest and most poorly connected registrants, who would otherwise seem, at leat to me, to be deserving of our going the extra kilometer to support.
-- Terry Manderson email: terry at apnic dot net Snr Systems & Network Architect, APNIC sip: info at voip dot apnic dot net http://www.apnic.net phone: +61 7 3858 3100