[ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes

> --On Monday, February 23, 2004 20:58:42 +0100 Kurt Jaeger 
> <lists at complx.LF.net> wrote:
> 
> > I object on making x.509 the sole method of authenticated 
> > communication with RIPE.
> > 
> > There's GPG, and it works, now.
> > 
> > X.509 is not the way to go. It's just a (needless) duplication of 
> > effort. And wading forever in the mess of "do we use this 
> > protocol/format or that" and so on.
> 
> I would have to concur with this objection. PGP/GPG works, it 
> is well suited to workflow, requires few special tools (bar 
> pgp software) on the client side, and is an established method. 
> 
> Forcing certificate handling onto the LIR community is NOT 
> good service, it is IMNSHO overcomplication. PKIen have their 
> uses, but this is not one. 
> 
> I say NO to X.509.

I completely disagree.

You can say no all you like but frankly for many organisations
PGP/GPG is simply not an option because there are a number of
issues related to management of keys and users. I suspect an
audit of many organisations using PGP/GPG would find alarming 
issues with the way these are deployed and used.

X.509 maybe somewhat overcomplicated [and I don't agree with that 
fully anyway] for this specific application but if you already have 
a platform and many organisations do, then its a trivial expansion. 
Rolling out GPG/PGP across large organisations is just as much of an 
issue as deploying a PKI system. Whether you like or not X.509 is 
here and its likely to be here to stay and it works pretty well in
my experience.

So I welcome the RIPE NCC's direction on this.

Regards,
Neil.