[Community-Discuss] post ipv4 depletion frauds, brokers activities

Honest Ornella GANKPA honest1989 at gmail.com
Sat Jun 25 11:54:11 UTC 2016 

Hi Nishal,


2016-06-25 3:22 GMT+01:00 Nishal Goburdhan <nishal at controlfreak.co.za>:

> On 24 Jun 2016, at 21:06, Honest Ornella GANKPA wrote:
>
> It is quite scary actually that even the RIR is promoting such bad
>> practices on the pretense of simplicity
>>
>
> i disagree.
> and i’m not quite sure you see the double standard here.
>
> you (meaning: a general user) are happy to use your user name and
> password, and give your credit card details (ie. real money) to the afrinic
> website, based simply on your acceptance of a perceived 3rd party valid
> certificate implying identification  (it’s true;  the payment bits at
> my.afrinic.net don’t require more than a simple authenticated user login).
> that same set of authentication information, is needed to *manage* your
> resources - that critical thing that your network needs -  on a daily basis.
> but yet, somehow you think that this same set of validation/authentication
> criteria isn’t good enough for specific bits of the website?
> i like to see evidence (proof).  it could be easily argued that, since the
> e-voting process was Made Simpler (tm) more people used it this year;  i
> don’t recall the actual numbers, but i’m told that there were *more*
> e-voters users this year, than last, eh?
>
> do i wish afrinic would improve security around my.afrinic?  heck yes;  i
> logged ticket #249014 with afrinic in october 2014 asking for 2FA, which,
> i’m told is slated for sometime in 2016.  (my ticket is still open!)   i
> think that 2FA would be a better security deterrent than a bpki cert.


I'm not quite sure I get where you are disagreeing with me in your email? I
believe we both agree that a more secure myAfrinic would be beneficial for
all. Now wether 2 factor authentication or rpki would be better, I would
need to research 2 factor authentication to have an opinion.


> my most recent cert was copied from a laptop, put onto a memory stick and
> handed to me - i’m sure you can spot the obvious flaws with that .. :-)
>
>
:-)


> And why isn't the community consulted when such decisions are taken?
>>
>
> there was a bylaw change that was done to allow electronic voting (being a
> new means of voting).  that required membership (not community - mild
> difference!) consultation.
>
> the *mechanics* of the system, are *operational* changes.  for that, we
> have smart people at afrinic that know how to run systems.  we should let
> them do, what they are paid to do.  do they really need to get
> community^Wmember consensus to let folks know that they are changing their
> name-server software (ie. another operational change?)   :-)
>
> Surely removing an authentication security is not just a mere operational
change? I'm not on member list so that is why I wanted to make sure that
concerned parties were informed prior that



> —n.
>
>
> _______________________________________________
> Community-Discuss mailing list
> Community-Discuss at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/community-discuss
>



-- 
Honest Ornella GANKPA
Network engineer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/community-discuss/attachments/20160625/4f1ac9ef/attachment.html>

More information about the Community-Discuss mailing list