Hi Russ, all, On 05.11.19 18:42, Russ Housley wrote:
Given this information, and the fact that every email that I recieve from anyone at iana.org <http://iana.org/> already has an S/MIME signature, I think we should drop the IANA portal recommendation altogether.
Maybe only for personal accounts? I have a mail from the Root Zone Management (rzm@iana.org) in my inbox. The mail contains a URL to confirm a change we initiated at IANA - in plain text. A signature (S/MIME or PGP) is also not available at the message. I would also like to distinguish mail communication from Root Zone Management portal (https://rzm.iana.org/rzm/login). The portal should have a recommendation regarding a strong authentication procedure (currently username and password). - Boban.