On Mon, Feb 22, 2021 at 8:50 PM Randy Bush <[email protected]> wrote: > > > you can sign over something which ways "the person identified by the > > following public key is to be permitted to ..." > > you mean the fraudlent attacker who owned that INR seems to have signed > this request for a €1.000.000,49 wire transfer to their iban. a person > is not identified by that signature.
If someone has a valid CA cert/key from the RIR, it's very hard to argue 'fraudulent'. It's, however, "easy" for the RIR to reverse the error, right? :)
