This is too trivial for words. We do SSL authenticated registrations for our normal order processing, using CC transactions. I have always wondered why NSI can't run both SSL and take immediate CC payments for domain-registrations. It's not like they don't have the cash to make this happen. It also wouldn't hurt to setup some ssh-forwarded ports and drop the whole mess behind a firewall either.
Run of the mill SSL does not protect against client forgery or impersonation. It protects against transmission wiretapping and some types of server impersonation. I can use a forged credit card number with SSL. Encryption is not a magic wand. On the other hand, security is a pain. I know I haven't taken advantage of all the security features NSI offers for all the objects I have registered over the years. The Guardian workflow process is still annoyingly convuleted enough, the default ends up being no protection if you miss or forget any of the steps. I guess it makes sense from NSI's point of view, cutting down on the number of 'lost' password or PGP key calls. Tell me again, what's your mother's maiden name? -- Sean Donelan, Data Research Associates, Inc, St. Louis, MO Affiliation given for identification not representation