Hi Randy, On 09/08/2006, at 1:42 AM, Randy Bush wrote:
for those using web, or only for those whose means of access is limited by choice or circumstances to email?
The comparative complexity is much higher in secure encrypted email based mechanisms. But you do raise an interesting question, how many members of APNIC are limited to email for internet traffic and unable to reach a web page or establish a tcp connection to port 443 for a REST conversation?
could you explain? the other registries seem to find pgp email doable. is that not sufficient? is the issue what happens when you want to go to x.509-based signatures.
The other registries accepting email based updates (Afrinic, RIPE, and ARIN) certainly do make both pgp and x.509 signed email systems work now. Although I think it is important to note that at present they support only signed emails, not encrypted emails. For the longer term registry model I don't believe it to be sufficient.
i.e. "it will be harder" might gain some sympathy if there was also a "because ..."
I'm a little worried that we might fall into a trap of focusing on "ways to make email work" instead of realising that email no longer fits into the registry model due to the growing need for all transactions with the APNIC registry to be encrypted and authorised using strong authentication methods with an immediate feedback cycle. I think it is worthwhile to also consider the improved workflows that a XML/REST system provides. I see these workflows as a prerequisite to the interactions that future registry functions are going to need. Such future functions that centre around resource certification. Further to this is the existing concern that email has proved to be of varying reliability due to anti-spam implementations and what I describe as a growing social intolerance of automated mail flows. I would expect that APNIC's due diligence covers ensuring that any updates sent to APNIC are received in good order and replies similarly received by the registrant. Unfortunately we can't make such guarantees with any form of email. Terry -- Terry Manderson email: terry at apnic dot net Snr Systems & Network Architect, APNIC sip: info at voip dot apnic dot net http://www.apnic.net phone: +61 7 3858 3100