[Community-Discuss] post ipv4 depletion frauds, brokers activities

Nishal Goburdhan nishal at controlfreak.co.za
Sat Jun 25 02:22:06 UTC 2016 

On 24 Jun 2016, at 21:06, Honest Ornella GANKPA wrote:

> It is quite scary actually that even the RIR is promoting such bad
> practices on the pretense of simplicity

i disagree.
and i’m not quite sure you see the double standard here.

you (meaning: a general user) are happy to use your user name and 
password, and give your credit card details (ie. real money) to the 
afrinic website, based simply on your acceptance of a perceived 3rd 
party valid certificate implying identification  (it’s true;  the 
payment bits at my.afrinic.net don’t require more than a simple 
authenticated user login).
that same set of authentication information, is needed to *manage* your 
resources - that critical thing that your network needs -  on a daily 
basis.
but yet, somehow you think that this same set of 
validation/authentication criteria isn’t good enough for specific bits 
of the website?
i like to see evidence (proof).  it could be easily argued that, since 
the e-voting process was Made Simpler (tm) more people used it this 
year;  i don’t recall the actual numbers, but i’m told that there 
were *more* e-voters users this year, than last, eh?

do i wish afrinic would improve security around my.afrinic?  heck yes;  
i logged ticket #249014 with afrinic in october 2014 asking for 2FA, 
which, i’m told is slated for sometime in 2016.  (my ticket is still 
open!)   i think that 2FA would be a better security deterrent than a 
bpki cert.  my most recent cert was copied from a laptop, put onto a 
memory stick and handed to me - i’m sure you can spot the obvious 
flaws with that .. :-)


> And why isn't the community consulted when such decisions are taken?

there was a bylaw change that was done to allow electronic voting (being 
a new means of voting).  that required membership (not community - mild 
difference!) consultation.

the *mechanics* of the system, are *operational* changes.  for that, we 
have smart people at afrinic that know how to run systems.  we should 
let them do, what they are paid to do.  do they really need to get 
community^Wmember consensus to let folks know that they are changing 
their name-server software (ie. another operational change?)   :-)

—n.

More information about the Community-Discuss mailing list