North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Guardian for ARIN

  • From: Sean Donelan
  • Date: Fri May 02 01:11:13 2003

Once upon a time, NSI handled both domain names and network addresses.

NSI originally only checked the sender of the e-mail address matched its
database.  Spoofing the sender of an e-mail address is/was trivial, and
eventually several domain names were hijacked by other unauthorized

NSI added "Guardian" to their template process.  Guardian permitted the
points of contact (NIC-Handle) for objects in the NSI database to add a
password (and allegedly a PGP key) to their records.  Only templates using
the correct password would be processed. Since NSI handled both names and
numbers, a password on NIC-Handle protected both names and networks.

ARIN was formed, and the duties associated with IP numbers (AS and IP
addresses) were transfered to the new ARIN.  However, Guardian or some
alternative didn't seem to get transferred.  So we're back to anyone
who can spoof the point of contacts e-mail address can make changes
to the ARIN records.

Is it time for ARIN to re-add security to their database update