nanog mailing list archives
Re: Internic PGP Auth busted
From: John Caruso <caruso () cnet com>
Date: Mon, 23 Feb 1998 14:47:29 -0800 (PST)
I posted a rant about this to bugtraq almost a year ago. In the case where it happened to me I was already annoyed because an update that had been NAKed several times was applied when a single ACK was received over a month later (sent by a former employee who happened to have the month old NOTIFY). And then when I called them to ask them WTF they requested that I fax them some letterhead to "prove" that I was who I said I was.
This is unfortunately standard. I've seen unsigned modifications go through for PGP-protected domains, and I've seen correctly signed modifications fail for the same domains. In fact our standard practice now is "send it until it works", since inevitably a modification which fails (incorrectly) one time will work if you just try it enough times. The funniest (?) part is when someone can put through a modification with no authentication whatsoever, then when you call to fix the damage, the InterNIC demands letterhead/CEO signatures/blood samples/etc. -- John Caruso, Director, System/Network Administration CNET: The Computer Network Email: caruso () cnet com 150 Chestnut Street Phone: 415.395.7805 x1310 San Francisco, CA 94111 Fax: 415.623.2458
Current thread:
- Internic PGP Auth busted Greg Ketell (Feb 20)
- Re: Internic PGP Auth busted Christopher Caldwell (Feb 20)
- Re: Internic PGP Auth busted Greg Ketell (Feb 20)
- Re: Internic PGP Auth busted ken emery (Feb 20)
- Re: Internic PGP Auth busted Jon Green (Feb 23)
- Re: Internic PGP Auth busted Greg Ketell (Feb 20)
- Re: Internic PGP Auth busted Steve Hultquist (Feb 23)
- <Possible follow-ups>
- Re: Internic PGP Auth busted Sanjay Dani (Feb 23)
- Re: Internic PGP Auth busted Dean Gaudet (Feb 23)
- Re: Internic PGP Auth busted John Caruso (Feb 23)
- Re: Internic PGP Auth busted Dean Gaudet (Feb 23)
- Re: Internic PGP Auth busted Christopher Caldwell (Feb 20)