On Wed, 27 Feb 2013, Wilfried Woeber wrote:
Nick Hilliard wrote:
On 27/02/2013 14:12, Nick Hilliard wrote:
so will this be enough to satisfy legal due diligence
... for e.g. certification.
If we take a step back and try to model the tree/mesh of responsibility on the operational reality, and install a structure with CA and RA(s), then, imho, YES.
Nick
But the question regarding "legal due diligence" may be asked the other way 'round, too: we've got a holder and user of a resource, and someone (an RIR) questions the rightfulness (is this an engl. word?), then wouldn't it be "fair" for that party to come up with the "documentation", from a legal pov?
I know that this is sort of "funny", from an abuse/security perspective. But, what I want to achieve and argue for, is to decouple the registration service from the operational (ab)use aspects.
The Registry does have a clear mandate for the former, but not really for the latter.
Wilfried.
Well put Wilfried. I agree. Regards, Daniel Stolpe _________________________________________________________________________________ Daniel Stolpe Tel: 08 - 688 11 81 stolpe@resilans.se Resilans AB Fax: 08 - 55 00 21 63 http://www.resilans.se/ Box 13 054 556741-1193 103 02 Stockholm