[Community-Discuss] post ipv4 depletion frauds, brokers activities
Honest Ornella GANKPA
honest1989 at gmail.com
Sat Jun 25 11:54:11 UTC 2016
2016-06-25 3:22 GMT+01:00 Nishal Goburdhan <nishal at controlfreak.co.za>:
> On 24 Jun 2016, at 21:06, Honest Ornella GANKPA wrote:
> It is quite scary actually that even the RIR is promoting such bad
>> practices on the pretense of simplicity
> i disagree.
> and i’m not quite sure you see the double standard here.
> you (meaning: a general user) are happy to use your user name and
> password, and give your credit card details (ie. real money) to the afrinic
> website, based simply on your acceptance of a perceived 3rd party valid
> certificate implying identification (it’s true; the payment bits at
> my.afrinic.net don’t require more than a simple authenticated user login).
> that same set of authentication information, is needed to *manage* your
> resources - that critical thing that your network needs - on a daily basis.
> but yet, somehow you think that this same set of validation/authentication
> criteria isn’t good enough for specific bits of the website?
> i like to see evidence (proof). it could be easily argued that, since the
> e-voting process was Made Simpler (tm) more people used it this year; i
> don’t recall the actual numbers, but i’m told that there were *more*
> e-voters users this year, than last, eh?
> do i wish afrinic would improve security around my.afrinic? heck yes; i
> logged ticket #249014 with afrinic in october 2014 asking for 2FA, which,
> i’m told is slated for sometime in 2016. (my ticket is still open!) i
> think that 2FA would be a better security deterrent than a bpki cert.
I'm not quite sure I get where you are disagreeing with me in your email? I
believe we both agree that a more secure myAfrinic would be beneficial for
all. Now wether 2 factor authentication or rpki would be better, I would
need to research 2 factor authentication to have an opinion.
> my most recent cert was copied from a laptop, put onto a memory stick and
> handed to me - i’m sure you can spot the obvious flaws with that .. :-)
> And why isn't the community consulted when such decisions are taken?
> there was a bylaw change that was done to allow electronic voting (being a
> new means of voting). that required membership (not community - mild
> difference!) consultation.
> the *mechanics* of the system, are *operational* changes. for that, we
> have smart people at afrinic that know how to run systems. we should let
> them do, what they are paid to do. do they really need to get
> community^Wmember consensus to let folks know that they are changing their
> name-server software (ie. another operational change?) :-)
> Surely removing an authentication security is not just a mere operational
change? I'm not on member list so that is why I wanted to make sure that
concerned parties were informed prior that
> Community-Discuss mailing list
> Community-Discuss at afrinic.net
Honest Ornella GANKPA
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Community-Discuss