This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Previous message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Next message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Måns Nilsson KTHNOC
mansaxel at sunet.se
Fri Feb 27 11:22:37 CET 2004
--On Wednesday, February 25, 2004 18:03:04 +0100 Shane Kerr <shane at ripe.net> wrote: > Any technology for securing e-mail restricts client choice. Among the > e-mail clients that members use, there is superior "out of the box" > support for X.509 than PGP. I say this based on the research that we did > in response to concerns about S/MIME compatibility. Please elaborate, because I have a hard time to find an email client not supporting an ASCII-armored PGP message, but there are tons of them frowning on x.509 attachments. Some of us actually do the equivalent of: $EDITOR ripe-template.txt gpg --clearsign ripe-template.txt | /bin/mail <somebody at ripe.net> for our RIPE communications. > As others have noted, we can support both X.509 and PGP. We can also > support *only* PGP, although I think because of #2, above, this is not a > good solution. I would argue that it is the other way around; given the forced choice of "only one" the broadest support exists for PGP. > Although the basic question of "do we need this at all" still seems open > to me. In some ways, security is like insurance: it is only a problem if > you don't have it after you should have. > > Ignoring the "PGP versus X.509" question, does the membership want us to > support signed e-mail at all? What about encrypted e-mail? Given the mess an evil person can do by creatively adjusting records in the routing database, I suggest that RIRen must actively promote the use of technologies that protect our infrastructure; thus, signing should be more or less mandatory, and encryption should be available for secure out-of-band communications -- this then more human-to-human, to solve strange issues, send sensitive data, and so forth. rgds, -- Måns Nilsson Systems Specialist +46 70 681 7204 KTHNOC MN1334-RIPE -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available URL: </ripe/mail/archives/ncc-services-wg/attachments/20040227/d3f70db0/attachment.sig>
- Previous message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Next message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]