North American Network Operators Group

Re: Internic PGP Auth busted

  • From: John Caruso
  • Date: Mon Feb 23 18:29:32 1998

> I posted a rant about this to bugtraq almost a year ago.  In the case
> where it happened to me I was already annoyed because an update that had
> been NAKed several times was applied when a single ACK was received over a
> month later (sent by a former employee who happened to have the month old
> NOTIFY).  And then when I called them to ask them WTF they requested that
> I fax them some letterhead to "prove" that I was who I said I was. 

This is unfortunately standard.  I've seen unsigned modifications go
through for PGP-protected domains, and I've seen correctly signed
modifications fail for the same domains.  In fact our standard practice
now is "send it until it works", since inevitably a modification which
fails (incorrectly) one time will work if you just try it enough times.

The funniest (?) part is when someone can put through a modification
with no authentication whatsoever, then when you call to fix the damage,
the InterNIC demands letterhead/CEO signatures/blood samples/etc.

-- 
John Caruso, Director, System/Network Administration
CNET: The Computer Network          Email: [email protected]
150 Chestnut Street                 Phone: 415.395.7805 x1310
San Francisco, CA  94111            Fax:   415.623.2458