Nick Hilliard wrote:
On 27/02/2013 14:12, Nick Hilliard wrote:
so will this be enough to satisfy legal due diligence
... for e.g. certification.
If we take a step back and try to model the tree/mesh of responsibility on the operational reality, and install a structure with CA and RA(s), then, imho, YES.
Nick
But the question regarding "legal due diligence" may be asked the other way 'round, too: we've got a holder and user of a resource, and someone (an RIR) questions the rightfulness (is this an engl. word?), then wouldn't it be "fair" for that party to come up with the "documentation", from a legal pov? I know that this is sort of "funny", from an abuse/security perspective. But, what I want to achieve and argue for, is to decouple the registration service from the operational (ab)use aspects. The Registry does have a clear mandate for the former, but not really for the latter. Wilfried.