nanog mailing list archives

Re: NetSol's PGP auth ... and the road not taken


From: David Shaw <dshaw () jabberwocky com>
Date: Wed, 24 Oct 2001 18:24:26 -0400


On Mon, Oct 22, 2001 at 03:38:35PM -0700, J.D. Falk wrote:

On 10/22/01, Joe Rhett <jrhett () isite net> wrote: 

i've been trying to add a pgp key to the verisign/netsol database for the
past two weeks. i've sent four messages, opened three web help requests,
and spent three hours on the phone with their helpdesk. they know less
than their customers about their own procedures and web documentation for
adding keys for PGP guardian auth.
 
Don't waste your time. We had PGP auth working for the last 6 years. It
will slow down any change you want to make by 3-5 days. Around 30% will get
rejected for no reason whatsoever, and much more fun stuff.

      I've had PGP AUTH broken for the last 6 years, and had the same
      kind of experience.  I just finished an ENTIRE MONTH of calling
      a couple of times a week to get a simple host record fixed.  In
      one call, somebody changed me from PGP AUTH to MAIL-FROM without
      effectively confirming that I was really me.

I wrote this in March of 1999:

  I have gone to silly lengths to ensure that I am giving them a valid
  signature.  Once I signed the template, and then verified the
  signature. I then copied it to another machine with a different PGP
  version and re-verified the signature. Then I mailed it to myself
  off-site and verified the signature on the remote system to ensure
  the mail system wasn't breaking something.  Finally, I mailed it to
  hostmaster () internic net and cc'd myself on and off-site.  Both
  copies I got back verified fine.  The Internic took a few days and
  then bounced it because they couldn't verify the signature.

It never improved, and I eventually gave up.  I'm using OpenSRS now.

David

-- 
   David Shaw  |  dshaw () jabberwocky com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

