Sean,

Many good points here. On a related topic, IMHO, NSI needs to take a step back and evaluate their domain/account management system. The web-gui system in place now is truly the bastard child, leaving subscribers with dozens (or hundreds) of domains, each with an individual account number and no password (or challenge phrase).

I wonder how many virgin goats would need to be slaughtered at the altars of Tenochtitlan to bring back the email forms ;-)

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Sean Donelan
Sent: Thursday, May 01, 2003 10:09 PM
To: nanog@merit.edu
Subject: Guardian for ARIN

Once upon a time, NSI handled both domain names and network addresses. NSI originally only checked the sender of the e-mail address matched its database. Spoofing the sender of an e-mail address is/was trivial, and eventually several domain names were hijacked by other unauthorized individuals.

NSI added "Guardian" to their template process. Guardian permitted the points of contact (NIC-Handle) for objects in the NSI database to add a password (and allegedly a PGP key) to their records. Only templates using the correct password would be processed. Since NSI handled both names and numbers, a password on NIC-Handle protected both names and networks.

ARIN was formed, and the duties associated with IP numbers (AS and IP addresses) were transferred to the new ARIN. However, Guardian or some alternative didn't seem to get transferred. So we're back to anyone who can spoof the point of contact's e-mail address can make changes to the ARIN records.

Is it time for ARIN to re-add security to their database update procedures?