nanog mailing list archives

Re: WARNING: AOL is hosed (again)

From: "Roeland M.J. Meyer" <rmeyer () mhsc com>
Date: Fri, 16 Oct 1998 14:11:19 -0700

At 04:01 PM 10/16/98 -0500, Sean Donelan wrote:

This is too trivial for words. We do SSL authenticated registrations for
our normal order processing, using CC transactions. I have always wondered
why NSI can't run both SSL and take immediate CC payments for
domain-registrations. It's not like they don't have the cash to make this
happen. It also wouldn't hurt to setup some ssh-forwarded ports and drop
the whole mess behind a firewall either.


Run of the mill SSL does not protect against client forgery or impersonation.
It protects against transmission wiretapping and some types of server
impersonation.  I can use a forged credit card number with SSL.


With Certs it sure does. So does SSH.

Encryption is not a magic wand.


Like with any wand, one must know how to use it.

On the other hand, security is a pain.  I know I haven't taken advantage
of all the security features NSI offers for all the objects I have registered
over the years.  The Guardian workflow process is still annoyingly
convuleted enough, the default ends up being no protection if you miss or
forget any of the steps.  I guess it makes sense from NSI's point of view,
cutting down on the number of 'lost' password or PGP key calls.


One can set up secure automated processes for all of this, that's what MHSC
actually does. Security *doesn't* have to be a PITA. It only becomes such
when the designer is either incompetent or lazy.

Tell me again, what's your mother's maiden name?
-- 
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
 Affiliation given for identification not representation


___________________________________________________ 
Roeland M.J. Meyer, ISOC (InterNIC RM993) 
e-mail: <mailto:rmeyer () mhsc com>rmeyer () mhsc com
Internet phone: hawk.mhsc.com
Personal web pages: <http://www.mhsc.com/~rmeyer>www.mhsc.com/~rmeyer
Company web-site: <http://www.mhsc.com/>www.mhsc.com/
___________________________________________ 
I bet the human brain is a kludge.
                -- Marvin Minsky

Current thread:

WARNING: AOL is hosed (again) Stephen Sprunk (Oct 16)
- Re: WARNING: AOL is hosed (again) Mark Borchers (Oct 16)
  - Re: WARNING: AOL is hosed (again) Mike Leber (Oct 16)
  - Re: WARNING: AOL is hosed (again) Gary E. Miller (Oct 19)
    - Re: WARNING: AOL is hosed (again) Mark Borchers (Oct 19)
- <Possible follow-ups>
- Re: WARNING: AOL is hosed (again) Sean Donelan (Oct 16)
  - Re: WARNING: AOL is hosed (again) Roeland M.J. Meyer (Oct 16)
  - Message not available
    - Re: WARNING: AOL is hosed (again) Jay R. Ashworth (Oct 20)
- Re: WARNING: AOL is hosed (again) Sean Donelan (Oct 16)
  - Re: WARNING: AOL is hosed (again) Roeland M.J. Meyer (Oct 16)
  - Re: WARNING: AOL is hosed (again) Manar Hussain (Oct 19)
- Re: WARNING: AOL is hosed (again) CyberTech/CTCS%CTCS (Oct 19)