On Mon, Oct 22, 2001 at 03:38:35PM -0700, J.D. Falk wrote:
On 10/22/01, Joe Rhett <jrhett@isite.net> wrote:
i've been trying to add a pgp key to the verisign/netsol database for the past two weeks. i've sent four messages, opened three web help requests, and spent three hours on the phone with their helpdesk. they know less than their customers about their own procedures and web documentation for adding keys for PGP guardian auth.
Don't waste your time. We had PGP auth working for the last 6 years. It will slow down any change you want to make by 3-5 days. Around 30% will get rejected for no reason whatsoever, and much more fun stuff.
I've had PGP AUTH broken for the last 6 years, and had the same kind of experience. I just finished an ENTIRE MONTH of calling a couple of times a week to get a simple host record fixed. In one call, somebody changed me from PGP AUTH to MAIL-FROM without effectively confirming that I was really me.
I wrote this in March of 1999: I have gone to silly lengths to ensure that I am giving them a valid signature. Once I signed the template, and then verified the signature. I then copied it to another machine with a different PGP version and re-verified the signature. Then I mailed it to myself off-site and verified the signature on the remote system to ensure the mail system wasn't breaking something. Finally, I mailed it to hostmaster@internic.net and cc'd myself on and off-site. Both copies I got back verified fine. The Internic took a few days and then bounced it because they couldn't verify the signature. It never improved, and I eventually gave up. I'm using OpenSRS now. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson