North American Network Operators Group


Re: NetSol's PGP auth ... and the road not taken

  • From: Leo Bicknell
  • Date: Mon Oct 22 12:36:39 2001

On Mon, Oct 22, 2001 at 12:24:17AM -0700, Joe Rhett wrote:
> Don't waste your time. We had PGP auth working for the last 6 years. It
> will slow down any change you want to make by 3-5 days. Around 30% will get
> rejected for no reason whatsoever, and much more fun stuff.

I find these comments interesting.  I have been using PGP auth for
a number of years and found it to work just fine.  I have found
most of the problems people have mentioned to be them running PGP
wrong, and/or using new versions of PGP before Netsol got them
working.  I've only ever had one request get hung up, and it was
because I sent them an ASCII-Armored request, rather than a cleartext
signed copy.

Just to be sure, I just submitted a number of changes I had been
sitting on, with PGP.  4 minutes later automated e-mail back that
the changes had been made and all is well.  Since their documentation
sucks, some tips:

1) Your message must be signed cleartext.  They need to be able to
   parse the text, in particular to get your keyid before running
   it through PGP.  I'm not sure why this is, but it is the way it
   is, so just do it.  Note, this implies you cannot encrypt your
   message, just sign it.

2) Use older PGP / keys.  I still use 2.6.2 keys with them, and I
   know of people using 5.0 keys.  Anything newer may cause issues.

3) Make sure your auth type is set to PGP _AND_ the key-id is
   filled in.  If you fill out the automated forms on the web there
   is no way to enter a key id, you must manually edit the file
   they send you in e-mail.

If your message is wrong for any reason, it will get bounced to a
human, and most of the humans have no idea what to do with a bad
PGP request (particularly an encrypted one that they can't even
read) so they do sit.  It's like getting soup in a Seinfeld show,
do it right, you get soup, do it wrong, and well, "no soup for
you!"

-- 
Leo Bicknell - [email protected]
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - [email protected], www.tmbg.org
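
Added example, not part of the original post: a pre-submission check that tells a cleartext-signed message (tip 1 above) apart from an ASCII-armored or encrypted blob and recovers the text an automated parser would be able to read. The function name and the sample messages are constructed for illustration, and the signature is not verified.

```python
# Added example: pre-submission check for PGP message framing.
CLEAR_BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"
ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"


def classify(message):
    """Return (kind, readable_text); the signature itself is NOT verified here."""
    lines = message.replace("\r\n", "\n").split("\n")
    if ARMOR_BEGIN in lines:
        return "armored", None      # opaque blob: signed-and-armored or encrypted
    if CLEAR_BEGIN not in lines:
        return "unsigned", None
    start = lines.index(CLEAR_BEGIN)
    try:
        sig = lines.index(SIG_BEGIN, start)
        end = lines.index(SIG_END, sig)
    except ValueError:
        return "malformed", None    # truncated or missing signature block
    # Optional "Hash:" armor headers, then exactly one blank separator line.
    i = start + 1
    while i < sig and lines[i].startswith("Hash:"):
        i += 1
    if i >= sig or lines[i] != "" or end - sig < 2:
        return "malformed", None
    # Undo dash-escaping: signed lines starting with "-" are sent as "- -...".
    body = [l[2:] if l.startswith("- ") else l for l in lines[i + 1:sig]]
    return "cleartext-signed", "\n".join(body)


# Constructed samples; the base64 is a placeholder, not a real signature.
SAMPLE_CLEAR = "\n".join([
    CLEAR_BEGIN, "",
    "constructed request text",
    "- -- ",
    SIG_BEGIN, "Version: 2.6.2", "", "cGxhY2Vob2xkZXI=", "=AAAA", SIG_END, ""])
SAMPLE_ARMORED = "\n".join([
    ARMOR_BEGIN, "Version: 2.6.2", "", "cGxhY2Vob2xkZXI=", "=AAAA",
    "-----END PGP MESSAGE-----", ""])

if __name__ == "__main__":
    for name, msg in [("clear", SAMPLE_CLEAR), ("armored", SAMPLE_ARMORED),
                      ("plain", "hello\n")]:
        print(name, classify(msg))
```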