North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: NetSol's PGP auth ... and the road not taken
I posted a serious vulnerability in the NetSol PGP-AUTH system to BugTraq a while back. If you search the archives, you'll find it. PGP-AUTH is provides effectively no authentication whatsoever, as far as I can tell. It's definately not worth the hassel one has to go through to get it to function properly. On Mon, 22 Oct 2001, J.D. Falk wrote: > > On 10/22/01, Joe Rhett <[email protected]> wrote: > > > > i've been trying to add a pgp key to the verisign/netsol database for the > > > past two weeks. i've sent four messages, opened three web help requests, > > > and spent three hours on the phone with their helpdesk. they know less > > > than their customers about their own procedures and web documentation for > > > adding keys for PGP guardian auth. > > > > Don't waste your time. We had PGP auth working for the last 6 years. It > > will slow down any change you want to make by 3-5 days. Around 30% will get > > rejected for no reason whatsoever, and much more fun stuff. > > I've had PGP AUTH broken for the last 6 years, and had the same > kind of experience. I just finished an ENTIRE MONTH of calling > a couple of times a week to get a simple host record fixed. In > one call, somebody changed me from PGP AUTH to MAIL-FROM without > effectively confirming that I was really me. > > VeriSign needs to cut their losses and start over. > > -- > J.D. Falk "you can bomb the world to pieces, > <[email protected]> but you can't bomb it into peace" > -- Michael Franti > -- Len Sassaman Security Architect | "Now it's all change -- Technology Consultant | It's got to change more." | http://sion.quickie.net | --Joe Jackson
|