Policy Proposal 2007-1: Reinstatement of PGP Authentication Method [Archived]

Status: Board Rejected

Tracking Information

Discussion Tracking

Mailing List:

Formal introduction on PPML on 16 February 2007

Staff assessment - 13 April 2007
Last call - 25 April through 9 May 2007Public Policy Mailing List

ARIN Public Policy Meeting:

ARIN XIX

ARIN Advisory Council:

2 November 2006
16 November 2006
18 January 2007
15 February 2007
24 April 2007
17 May 2007

ARIN Board of Trustees:

Cryptographic Authentication

Revisions:

Implementation:

Author(s):

Paul Vixie,
Mark Kosters,
Chris Morrow,
Jared Mauch,
Bill Woodcock

Proposal type: New

Policy term: Permanent

Policy statement:

ADDITION TO NRPM

12 Authentication Methods

12.1 Mail-From
This section intentionally left blank.

12.2 PGP
ARIN accepts PGP-signed email as authentic communication from authorized Points of Contact. POCs may denote their records “crypt-auth,” subsequent to which unsigned communications shall not be deemed authentic with regard to those records.

12.3 X.509
This section intentionally left blank.

UPDATES TO TEMPLATES

ARIN shall update templates as necessary to identify and distinguish between mail-from, PGP, and X.509 authentication methods.

UPDATES TO DOCUMENTATION

ARIN shall update documentation as appropriate to explain the differences between mail-from, PGP, and X.509 authentication methods.

KEY USE IN COMMUNICATION:

ARIN shall accept PGP-signed communications, validate that a chain of trust not longer than five steps exists between the signing key and the ARIN hostmaster role key, compare the signing key to the identity of the authorized POCs for records referenced in the correspondence, and act appropriately based upon the validity or invalidity of the signature.

ARIN shall PGP-sign all outgoing hostmaster email with the hostmaster role key, and staff members may optionally also sign mail with their own individual keys.

ARIN shall accept PGP-encrypted communications which are encrypted using ARIN’s hostmaster public key.

ARIN shall not encrypt any outgoing communications except at the prior request of the recipient.

Rationale:

Globally, PGP is the most commonly used cryptographic authentication method between RIRs and resource recipients who wish to protect their resource registration records against unauthorized modification. The PGP-auth authentication method is supported by RIPE, APNIC, and AFRINIC, LACNIC supports an equivalent mechanism, and PGP was historically supported by the InterNIC prior to ARIN’s formation. By contrast, current ARIN resource recipients have only two options: “mail-from,” which is trivially spoofed and should not be relied upon to protect important database objects, and X.509, which involves a rigorous and lengthy proof-of-identity process and compels use of a compatible MUA, a combination which has dissuaded essentially all of ARIN’s constituents. Additionally, X.509’s centralized failure mode is technically and ideologically repugnant to some members of the community, who should not be forced to choose between two evils.

There isn’t a lot of work to do here, and certainly nothing tricky. PGP is simple code, which was supported by the InterNIC, and which the other RIRs deployed without a second thought or complaint. If RIPE and APNIC have always done this, the InterNIC did it before ARIN was formed, and LACNIC and AFRINIC took the need for cryptographic security for granted as a part of their startup process, we see no reason why ARIN should be the only RIR to not offer this most basic of protections to its members.

We need to get PGP support reinstated, so that our records can be protected against hijacking and vandalism, and so we won’t look like idiots as the only one of the five regions that can’t figure this stuff out.

Timetable for implementation: Immediate