nanog mailing list archives
Re: NetSol's PGP auth ... and the road not taken
From: David Shaw <dshaw () jabberwocky com>
Date: Wed, 24 Oct 2001 18:24:26 -0400
On Mon, Oct 22, 2001 at 03:38:35PM -0700, J.D. Falk wrote:
On 10/22/01, Joe Rhett <jrhett () isite net> wrote:i've been trying to add a pgp key to the verisign/netsol database for the past two weeks. i've sent four messages, opened three web help requests, and spent three hours on the phone with their helpdesk. they know less than their customers about their own procedures and web documentation for adding keys for PGP guardian auth.Don't waste your time. We had PGP auth working for the last 6 years. It will slow down any change you want to make by 3-5 days. Around 30% will get rejected for no reason whatsoever, and much more fun stuff.I've had PGP AUTH broken for the last 6 years, and had the same kind of experience. I just finished an ENTIRE MONTH of calling a couple of times a week to get a simple host record fixed. In one call, somebody changed me from PGP AUTH to MAIL-FROM without effectively confirming that I was really me.
I wrote this in March of 1999: I have gone to silly lengths to ensure that I am giving them a valid signature. Once I signed the template, and then verified the signature. I then copied it to another machine with a different PGP version and re-verified the signature. Then I mailed it to myself off-site and verified the signature on the remote system to ensure the mail system wasn't breaking something. Finally, I mailed it to hostmaster () internic net and cc'd myself on and off-site. Both copies I got back verified fine. The Internic took a few days and then bounced it because they couldn't verify the signature. It never improved, and I eventually gave up. I'm using OpenSRS now. David -- David Shaw | dshaw () jabberwocky com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson
Current thread:
- NetSol's PGP auth ... and the road not taken Joe Rhett (Oct 22)
- Re: NetSol's PGP auth ... and the road not taken Peter Galbavy (Oct 22)
- Re: NetSol's PGP auth ... and the road not taken Leo Bicknell (Oct 22)
- Re: NetSol's PGP auth ... and the road not taken J.D. Falk (Oct 22)
- Re: NetSol's PGP auth ... and the road not taken Matt Zimmerman (Oct 22)
- Re: NetSol's PGP auth ... and the road not taken Adam McKenna (Oct 22)
- Re: NetSol's PGP auth ... and the road not taken J.D. Falk (Oct 22)
- Re: NetSol's PGP auth ... and the road not taken John Hall (Oct 24)
- Re: NetSol's PGP auth ... and the road not taken Matt Zimmerman (Oct 22)
- Re: NetSol's PGP auth ... and the road not taken Len Sassaman (Oct 23)
- Re: NetSol's PGP auth ... and the road not taken David Shaw (Oct 24)
- <Possible follow-ups>
- Fwd: Re: NetSol's PGP auth ... and the road not taken Rodney Thayer (Oct 22)