22 Feb
2021
22 Feb
'21
10:18 p.m.
On Mon, Feb 22, 2021 at 8:50 PM Randy Bush <randy@psg.com> wrote:
you can sign over something which ways "the person identified by the following public key is to be permitted to ..."
you mean the fraudlent attacker who owned that INR seems to have signed this request for a €1.000.000,49 wire transfer to their iban. a person is not identified by that signature.
If someone has a valid CA cert/key from the RIR, it's very hard to argue 'fraudulent'. It's, however, "easy" for the RIR to reverse the error, right? :)