In message <ABdrBB0jYhxc80IBnfktLZxf6YnapVQHxqKeJFoSIGBISKB6gMAPc7nSa1wR Va_v8BrYuk24D9cIkXWrobH5GP6glyx1OWikfNFwTb_jnBE=@protonmail.com>, Carlos Friaças via anti-abuse-wg <anti-abuse-wg@ripe.net> writes
Great for you and the networks you manage, unfortunately (in the ~75k networks/autonomous systems) there is still people around the world that accept and rely on simple signed papers by someone. Even if who signs it can't hold what they claim with the RIRs' trust anchors... ;-)
A key point that the article misses is that yes, LOAs can (and have been) forged. However forging them is a criminal act (in the US it will be charged under "wirefraud" statutes) -- and numerous of the criminal proceedings which have been undertaken for theft of IP resources have used the wirefraud statutes. Yes, stealing a private key (or guessing a password to it) and then creating cryptographic signed objects is also likely to be criminal but it may be somewhat harder for courts to understand (and for the matter for prosecutors to identify suitable caselaw that makes the current case somewhat more open and shut). [[ Also, I have been told that some forgeries are laughably inept, whereas laughably weak passwords are a little harder to spot ]] -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755