At 04:01 PM 10/16/98 -0500, Sean Donelan wrote:
This is too trivial for words. We do SSL authenticated registrations for our normal order processing, using CC transactions. I have always wondered why NSI can't run both SSL and take immediate CC payments for domain-registrations. It's not like they don't have the cash to make this happen. It also wouldn't hurt to set up some ssh-forwarded ports and drop the whole mess behind a firewall either.
Run of the mill SSL does not protect against client forgery or impersonation. It protects against transmission wiretapping and some types of server impersonation. I can use a forged credit card number with SSL.
With Certs it sure does. So does SSH.
Encryption is not a magic wand.
Like with any wand, one must know how to use it.
On the other hand, security is a pain. I know I haven't taken advantage of all the security features NSI offers for all the objects I have registered over the years. The Guardian workflow process is still annoyingly convoluted enough, the default ends up being no protection if you miss or forget any of the steps. I guess it makes sense from NSI's point of view, cutting down on the number of 'lost' password or PGP key calls.
One can set up secure automated processes for all of this, that's what MHSC actually does. Security *doesn't* have to be a PITA. It only becomes such when the designer is either incompetent or lazy.
Tell me again, what's your mother's maiden name?
--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation

___________________________________________________
Roeland M.J. Meyer, ISOC (InterNIC RM993)
e-mail: rmeyer@mhsc.com
Internet phone: hawk.mhsc.com
Personal web pages: www.mhsc.com/~rmeyer
Company web-site: www.mhsc.com/
___________________________________________
I bet the human brain is a kludge. -- Marvin Minsky