> This is too trivial for words. We do SSL authenticated registrations for our normal order processing, using CC transactions. I have always wondered why NSI can't run both SSL and take immediate CC payments for domain-registrations. It's not like they don't have the cash to make this happen. It also wouldn't hurt to set up some ssh-forwarded ports and drop the whole mess behind a firewall either.
Run of the mill SSL does not protect against client forgery or impersonation. It protects against transmission wiretapping and some types of server impersonation. I can use a forged credit card number with SSL.

Encryption is not a magic wand.

On the other hand, security is a pain. I know I haven't taken advantage of all the security features NSI offers for all the objects I have registered over the years. The Guardian workflow process is still annoyingly convoluted enough, the default ends up being no protection if you miss or forget any of the steps. I guess it makes sense from NSI's point of view, cutting down on the number of 'lost' password or PGP key calls.

Tell me again, what's your mother's maiden name?
--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation
At 04:01 PM 10/16/98 -0500, Sean Donelan wrote:
>> This is too trivial for words. We do SSL authenticated registrations for our normal order processing, using CC transactions. I have always wondered why NSI can't run both SSL and take immediate CC payments for domain-registrations. It's not like they don't have the cash to make this happen. It also wouldn't hurt to set up some ssh-forwarded ports and drop the whole mess behind a firewall either.
> Run of the mill SSL does not protect against client forgery or impersonation. It protects against transmission wiretapping and some types of server impersonation. I can use a forged credit card number with SSL.
With Certs it sure does. So does SSH.
> Encryption is not a magic wand.
Like with any wand, one must know how to use it.
> On the other hand, security is a pain. I know I haven't taken advantage of all the security features NSI offers for all the objects I have registered over the years. The Guardian workflow process is still annoyingly convoluted enough, the default ends up being no protection if you miss or forget any of the steps. I guess it makes sense from NSI's point of view, cutting down on the number of 'lost' password or PGP key calls.
One can set up secure automated processes for all of this, that's what MHSC actually does. Security *doesn't* have to be a PITA. It only becomes such when the designer is either incompetent or lazy.
> Tell me again, what's your mother's maiden name?
> --
> Sean Donelan, Data Research Associates, Inc, St. Louis, MO
> Affiliation given for identification not representation
___________________________________________________
Roeland M.J. Meyer, ISOC (InterNIC RM993)
e-mail: rmeyer@mhsc.com
Internet phone: hawk.mhsc.com
Personal web pages: http://www.mhsc.com/~rmeyer
Company web-site: http://www.mhsc.com/
___________________________________________
I bet the human brain is a kludge. -- Marvin Minsky
> On the other hand, security is a pain. I know I haven't taken advantage of all the security features NSI offers for all the objects I have registered over the years. The Guardian workflow process is still annoyingly convoluted enough, the default ends up being no protection if you miss or forget any of the steps. I guess it makes sense from NSI's point of view, cutting down on the number of 'lost' password or PGP key calls.
<rant> And here we are in the UK with a basically pretty smooth system using pgp that lets us register/alter domains with seconds being the timeframe and mistakes a major rarity. Plenty of times that by the time the mail program has refreshed its inbox listing, the reply saying "done" is already back from Nominet. Sure - it could be lots better still and many good suggestions seem to take an age to happen. Sure - it couldn't cope with internic's load. But the thing works and shows there's no real excuse for internic to mess up so often so badly for so long. </rant>
participants (3)
- Manar Hussain
- Roeland M.J. Meyer
- Sean Donelan