Hi all! Is it Internic becoming slower in their modifications? We have sent a modification request twice and until now - nothing has happened.... William ---------- Forwarded message ---------- Date: Thu, 24 Sep 1998 20:24:48 -0400 (EDT) From: Domain Registration Role Account <domreg@internic.net> To: armand@shell.egis.net Subject: Re: [NIC-980924.46494] Re: MODIFY DOMAIN dwrt.com Your request NIC-980924.46494 for [NIC-980924.46494] Re: MODIFY DOMAIN dwrt.com. could not be automatically processed. The request has been queued for manual processing. It will be processed within 5 business days. InterNIC Registration Services email hostmaster@internic.net voice (703) 742-4777 ============================================================
From armand@shell.egis.net Thu Sep 24 16:48:22 1998 Received: from opsmail.internic.net (opsmail.internic.net [198.41.0.91]) by mail-hub.internic.net (8.9.1/8.9.1) with ESMTP id QAA04873 for <hostmaster@mail-hub.internic.net>; Thu, 24 Sep 1998 16:48:21 -0400 (EDT) Received: from biprrs3.lb (biprrs3.lb.internic.net [192.168.120.41]) by opsmail.internic.net (8.9.1/8.9.1) with SMTP id QAA16745 for <hostmaster@internic.net>; Thu, 24 Sep 1998 16:47:54 -0400 (EDT) Received: (qmail 23915 invoked from network); 24 Sep 1998 05:58:06 -0000 Received: from unknown (HELO shell.egis.net) (202.163.235.6) by 192.168.119.41 with SMTP; 24 Sep 1998 05:58:06 -0000 Received: by shell.egis.net (Smail3.1.29.1 #57) id m0zMFSJ-001SlLC; Thu, 24 Sep 98 13:45 EDT Date: Thu, 24 Sep 1998 13:45:27 -0400 (EDT) From: Armand Hernandez <armand@shell.egis.net> To: hostmaster@internic.net Subject: [NIC-980924.46494] Re: MODIFY DOMAIN dwrt.com In-Reply-To: <199809240552.BAA17662@rrs2.lb.internic.net> Message-ID: <Pine.LNX.3.90.980924134523.9387A-100000@shell.egis.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-MTS-Ticket: 980924.46494 X-MTS-Type: Domain X-MTS-Mode: Modify X-MTS-Priority: Normal X-MTS-Status: Open X-MTS-Timestamp: 980924164822
On Thu, 24 Sep 1998 hostmaster@internic.net wrote:
---------------------------------------------------- This is the Domain Name Registration Agreement you recently created. In order to complete this modification,
YOU MUST E-MAIL THIS FORM TO: hostmaster@internic.net
After you e-mail this form, you should receive an auto-reply with a tracking number. You must use that number in the Subject of any future messages you send regarding this registration action. Once this registration action is completed you will receive a notification via e-mail.
[ URL http://rs.internic.net/cgi-bin/domain ] [ 03/98 ] [ URL ftp://rs.internic.net/templates/domain-template.txt ] [ 03/98 ]
******* Please DO NOT REMOVE Version Number or Sections A-Q ********
Domain Version Number: 4.0
******* Email completed agreement to hostmaster@internic.net *******
NETWORK SOLUTIONS, INC.
DOMAIN NAME REGISTRATION AGREEMENT
A. Introduction. This domain name registration agreement ("Registration Agreement") is submitted to NETWORK SOLUTIONS, INC. ("NSI") for the purpose of applying for and registering a domain name on the Internet. If this Registration Agreement is accepted by NSI, and a domain name is registered in NSI's domain name database and assigned to the Registrant, Registrant ("Registrant") agrees to be bound by the terms of this Registration Agreement and the terms of NSI's Domain Name Dispute Policy ("Dispute Policy") which is incorporated herein by reference and made a part of this Registration Agreement. This Registration Agreement shall be accepted at the offices of NSI.
B. Fees and Payments.
1) Registration or renewal (re-registration) date through March 31, 1998: Registrant agrees to pay a registration fee of One Hundred United States Dollars (US) as consideration for the registration of each new domain name or Fifty United States Dollars (US) to renew (re-register) an existing registration. 2) Registration or renewal date on and after April 1, 1998: Registrant agrees to pay a registration fee of Seventy United States Dollars (US) as consideration for the registration of each new domain name or the applicable renewal (re-registration) fee (currently Thirty-Five United States Dollars (US)) at the time of renewal (re-registration). 3) Period of Service: The non-refundable fee covers a period of two (2) years for each new registration, and one (1) year for each renewal, and includes any permitted modification(s) to the domain name record during the covered period. 4) Payment: Payment is due to Network Solutions within thirty (30) days from the date of the invoice.
C. Dispute Policy. Registrant agrees, as a condition to submitting this Registration Agreement, and if the Registration Agreement is accepted by NSI, that the Registrant shall be bound by NSI's current Dispute Policy. The current version of the Dispute Policy may be found at the InterNIC Registration Services web site: "http://www.netsol.com/rs/dispute-policy.html".
D. Dispute Policy Changes or Modifications. Registrant agrees that NSI, in its sole discretion, may change or modify the Dispute Policy, incorporated by reference herein, at any time. Registrant agrees that Registrant's maintaining the registration of a domain name after changes or modifications to the Dispute Policy become effective constitutes Registrant's continued acceptance of these changes or modifications. Registrant agrees that if Registrant considers any such changes or modifications to be unacceptable, Registrant may request that the domain name be deleted from the domain name database.
E. Disputes. Registrant agrees that, if the registration of its domain name is challenged by any third party, the Registrant will be subject to the provisions specified in the Dispute Policy.
F. Agents. Registrant agrees that if this Registration Agreement is completed by an agent for the Registrant, such as an ISP or Administrative Contact/Agent, the Registrant is nonetheless bound as a principal by all terms and conditions herein, including the Dispute Policy.
G. Limitation of Liability. Registrant agrees that NSI shall have no liability to the Registrant for any loss Registrant may incur in connection with NSI's processing of this Registration Agreement, in connection with NSI's processing of any authorized modification to the domain name's record during the covered period, as a result of the Registrant's ISP's failure to pay either the initial registration fee or renewal fee, or as a result of the application of the provisions of the Dispute Policy. Registrant agrees that in no event shall the maximum liability of NSI under this Agreement for any matter exceed Five Hundred United States Dollars (US).
H. Indemnity. Registrant agrees, in the event the Registration Agreement is accepted by NSI and a subsequent dispute arises with any third party, to indemnify and hold NSI harmless pursuant to the terms and conditions contained in the Dispute Policy.
I. Breach. Registrant agrees that failure to abide by any provision of this Registration Agreement or the Dispute Policy may be considered by NSI to be a material breach and that NSI may provide a written notice, describing the breach, to the Registrant. If, within thirty (30) days of the date of mailing such notice, the Registrant fails to provide evidence, which is reasonably satisfactory to NSI, that it has not breached its obligations, then NSI may delete Registrant's registration of the domain name. Any such breach by a Registrant shall not be deemed to be excused simply because NSI did not act earlier in response to that, or any other, breach by the Registrant.
J. No Guaranty. Registrant agrees that, by registration of a domain name, such registration does not confer immunity from objection to either the registration or use of the domain name.
K. Warranty. Registrant warrants by submitting this Registration Agreement that, to the best of Registrant's knowledge and belief, the information submitted herein is true and correct, and that any future changes to this information will be provided to NSI in a timely manner according to the domain name modification procedures in place at that time. Breach of this warranty will constitute a material breach.
L. Revocation. Registrant agrees that NSI may delete a Registrant's domain name if this Registration Agreement, or subsequent modification(s) thereto, contains false or misleading information, or conceals or omits any information NSI would likely consider material to its decision to approve this Registration Agreement.
M. Right of Refusal. NSI, in its sole discretion, reserves the right to refuse to approve the Registration Agreement for any Registrant. Registrant agrees that the submission of this Registration Agreement does not obligate NSI to accept this Registration Agreement. Registrant agrees that NSI shall not be liable for loss or damages that may result from NSI's refusal to accept this Registration Agreement.
N. Severability. Registrant agrees that the terms of this Registration Agreement are severable. If any term or provision is declared invalid, it shall not affect the remaining terms or provisions which shall continue to be binding.
O. Entirety. Registrant agrees that this Registration Agreement and the Dispute Policy is the complete and exclusive agreement between Registrant and NSI regarding the registration of Registrant's domain name. This Registration Agreement and the Dispute Policy supersede all prior agreements and understandings, whether established by custom, practice, policy, or precedent.
P. Governing Law. Registrant agrees that this Registration Agreement shall be governed in all respects by and construed in accordance with the laws of the Commonwealth of Virginia, United States of America. By submitting this Registration Agreement, Registrant consents to the exclusive jurisdiction and venue of the United States District Court for the Eastern District of Virginia, Alexandria Division. If there is no jurisdiction in the United States District Court for the Eastern District of Virginia, Alexandria Division, then jurisdiction shall be in the Circuit Court of Fairfax County, Fairfax, Virginia.
Q. This is Domain Name Registration Agreement Version Number 4.0. This Registration Agreement is only for registrations under top-level domains: COM, ORG, NET, and EDU. By completing and submitting this Registration Agreement for consideration and acceptance by NSI, the Registrant agrees that he/she has read and agrees to be bound by A through P above.
Authorization 0a. (N)ew (M)odify (D)elete.........: M 0b. Auth Scheme.....................: 0c. Auth Info.......................:
1. Comments........................:
2. Complete Domain Name............: dwrt.com
Organization Using Domain Name 3a. Organization Name................: 99.5 RT 3b. Street Address..................: 14/F JAKA (Royal Match) Bldg., 6780 Ayala Avenue 3c. City............................: Makati 3d. State...........................: MM 3e. Postal Code.....................: 1200 3f. Country.........................: PH
Administrative Contact 4a. NIC Handle (if known)...........: JRL17 4b. (I)ndividual (R)ole?............: Individual 4c. Name (Last, First)..............: 4d. Organization Name...............: 4e. Street Address..................: 4f. City............................: 4g. State...........................: 4h. Postal Code.....................: 4i. Country.........................: 4j. Phone Number....................: 4k. Fax Number......................: 4l. E-Mailbox.......................:
Technical Contact 5a. NIC Handle (if known)...........: JRL17 5b. (I)ndividual (R)ole?............: Individual 5c. Name(Last, First)...............: 5d. Organization Name...............: 5e. Street Address..................: 5f. City............................: 5g. State...........................: 5h. Postal Code.....................: 5i. Country.........................: 5j. Phone Number....................: 5k. Fax Number......................: 5l. E-Mailbox.......................:
Billing Contact 6a. NIC Handle (if known)...........: JRL17 6b. (I)ndividual (R)ole?............: Individual 6c. Name (Last, First)..............: 6d. Organization Name...............: 6e. Street Address..................: 6f. City............................: 6g. State...........................: 6h. Postal Code.....................: 6i. Country.........................: 6j. Phone Number....................: 6k. Fax Number......................: 6l. E-Mailbox.......................:
Prime Name Server 7a. Primary Server Hostname.........: NS1.PACIFIC.NET.PH 7b. Primary Server Netaddress.......: 210.23.234.33
Secondary Name Server(s) 8a. Secondary Server Hostname.......: NS2.PACIFIC.NET.PH 8b. Secondary Server Netaddress.....: 210.23.234.65
END OF AGREEMENT
For instructions, please refer to: "http://rs.internic.net/help/instructions.txt"
On Fri, 25 Sep 1998 william@pacific.net.ph wrote:
Hi all!
Is it Internic becoming slower in their modifications? We have sent a modification request twice and until now - nothing has happened....
It is not being sent from the address of one of the contacts, so it will not be automatically processed. Anything that isn't automatically processed gets printed and thrown into a big slightly malfunctioning paper shredder. Anything that makes it through the paper shreader is then looked at and sometimes responded to. The time that it takes for this to happen is based on the mandatory one week delay before it is printed just for good luck, and then the chances of making it through the shredder. Note that their method may vary slightly from that described above, but the effect is the same. Your chances at getting any response from hostmaster@internic.net to something that isn't handled automatically are slim to none in my experience. Normally, repeated phone calls and followup calls are the proper way to do this.
On Thu, Sep 24, 1998 at 09:54:48PM -0700, Marc Slemko wrote:
On Fri, 25 Sep 1998 william@pacific.net.ph wrote:
Hi all!
Is it Internic becoming slower in their modifications? We have sent a modification request twice and until now - nothing has happened....
It is not being sent from the address of one of the contacts, so it will not be automatically processed.
Anything that isn't automatically processed gets printed and thrown into a big slightly malfunctioning paper shredder. Anything that makes it through the paper shreader is then looked at and sometimes responded to. The time that it takes for this to happen is based on the mandatory one week delay before it is printed just for good luck, and then the chances of making it through the shredder. Note that their method may vary slightly from that described above, but the effect is the same.
I've found that on changes to domains for which I'm already a contact, setting my authentication to CRYPT-PW works well, causing changes to be completed within hours. Note that CRYPT-PW apparently only refers to how the passwords are stored on the InterNIC's servers; they're sent in plaintext when you e-mail the form. -- Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.
Steven J. Sobol wrote:
I've found that on changes to domains for which I'm already a contact, setting my authentication to CRYPT-PW works well, causing changes to be completed within hours.
I just got a mail back today that was stuck in an internic mailhost for over a week. :-p Like, literally, stuck. Received: from mail-hub.internic.net (noc2.internic.net [198.41.0.70] (may be fo rged)) by eagle.ais.net (8.8.8/AIS) with ESMTP id SAA00815 for <jamie@ais.net>; Sun, 27 Sep 1998 18:57:48 -0500 (CDT) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ X-Authentication-Warning: eagle.ais.net: Host noc2.internic.net [198.41.0.70] (m ay be forged) claimed to be mail-hub.internic.net Received: (from mts@localhost) by mts1.internic.net (8.8.5/8.8.4) id RAA02354; Tue, 15 Sep 1998 17:45:38 -0400 (EDT) ^^^^^^^^^^^^^^^^^^^^^^^^^ -- jamie rishaw (efnet:gavroche) American Information Systems, Inc. Tel:312.425.7140, FAX:312.425.7240 Help stop spam! router(config)#no ip routing thirty thousand feet above the earth..youre a beautiful thing..
On Sun, Sep 27, 1998 at 11:14:42PM -0400, Steven J. Sobol wrote:
I've found that on changes to domains for which I'm already a contact, setting my authentication to CRYPT-PW works well, causing changes to be completed within hours.
Note that CRYPT-PW apparently only refers to how the passwords are stored on the InterNIC's servers; they're sent in plaintext when you e-mail the form.
Well, you know... no. I've seen the mail generated when you fill in the webform, and choose CRYPT-PW. The CGI script encrypts the cleartext password, and that's what's in the field in the email when it's mailed to you for forwarding. Whether they intend for you to cut it out and save it for future mailings or what I've never been sure... Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff "The net is safer in bad weather: you The Suncoast Freenet can't run a backhoe Tampa Bay, Florida in a hurricane." (after Sean Donelan) +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com
On Mon, Sep 28, 1998 at 05:15:30PM -0400, Jay R. Ashworth wrote:
On Sun, Sep 27, 1998 at 11:14:42PM -0400, Steven J. Sobol wrote:
I've found that on changes to domains for which I'm already a contact, setting my authentication to CRYPT-PW works well, causing changes to be completed within hours.
Note that CRYPT-PW apparently only refers to how the passwords are stored on the InterNIC's servers; they're sent in plaintext when you e-mail the form.
Well, you know... no. I've seen the mail generated when you fill in the webform, and choose CRYPT-PW. The CGI script encrypts the cleartext password, and that's what's in the field in the email when it's mailed to you for forwarding.
Jay, my friend, I hate to be argumentative, but... Authorization 0a. (N)ew (M)odify (D)elete.........: M 0b. Auth Scheme.....................: CRYPT-PW 0c. Auth Info.......................: sj.3989. That is indeed the password associated with my NIC handle. Or was, anyhow. I've since changed it. That was in the e-mail sent to me, which was not PGP'd or encrypted in any way. This is rather silly. YES, it IS encrypted when you originally set the password. It IS NOT encrypted in a domain registration form though. It should be. For that matter, the OLD password is not encrypted on the contact form if you are modifying contact information for a certain handle, either. I guess that is supposed to make it easier to fill in the text file and mail it, as opposed to going to the web site. But it defeats the whole purpose of having an encrypted password. Are people still having trouble with PGP, or has it been fixed? -- Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.
On Mon, Sep 28, 1998 at 07:18:25PM -0400, Steven J. Sobol wrote:
On Mon, Sep 28, 1998 at 05:15:30PM -0400, Jay R. Ashworth wrote:
On Sun, Sep 27, 1998 at 11:14:42PM -0400, Steven J. Sobol wrote:
I've found that on changes to domains for which I'm already a contact, setting my authentication to CRYPT-PW works well, causing changes to be completed within hours.
Note that CRYPT-PW apparently only refers to how the passwords are stored on the InterNIC's servers; they're sent in plaintext when you e-mail the form.
Well, you know... no. I've seen the mail generated when you fill in the webform, and choose CRYPT-PW. The CGI script encrypts the cleartext password, and that's what's in the field in the email when it's mailed to you for forwarding.
Jay, my friend, I hate to be argumentative, but...
Authorization 0a. (N)ew (M)odify (D)elete.........: M 0b. Auth Scheme.....................: CRYPT-PW 0c. Auth Info.......................: sj.3989.
That is indeed the password associated with my NIC handle. Or was, anyhow. I've since changed it.
That was in the e-mail sent to me, which was not PGP'd or encrypted in any way.
This is rather silly. YES, it IS encrypted when you originally set the password. It IS NOT encrypted in a domain registration form though. It should be.
Then what stops me from finding your original crypt() and sending that in. In the case of what you want, pgp is the correct solution.
On Mon, Sep 28, 1998 at 07:50:01PM -0400, Jared Mauch wrote:
Then what stops me from finding your original crypt() and sending that in.
In the case of what you want, pgp is the correct solution.
Jared, I agree with you and would prefer pgp, but several people on this list have said that pgp auth is broken.... thus my question "has it been fixed"... So, for right now, CRYPT-PW seems to be the way to go... it's at least faster than MAIL-FROM. -- Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.
On Mon, 28 Sep 1998, Steven J. Sobol wrote:
That is indeed the password associated with my NIC handle. Or was, anyhow. I've since changed it.
That was in the e-mail sent to me, which was not PGP'd or encrypted in any way.
This is rather silly. YES, it IS encrypted when you originally set the password. It IS NOT encrypted in a domain registration form though. It should be.
Just like any security issue, you define what attacks you want to prevent and what costs you are willing to pay for them. In this case, the attack prevented by CRYPT-PW is an unauthorized person making changes to a domain, which was a real problem when this was introduced. The problem was specifically not that your email containing the password might be intercepted. If you want that security, you need some digital signature algorithm, such as PGP.
For that matter, the OLD password is not encrypted on the contact form if you are modifying contact information for a certain handle, either.
I guess that is supposed to make it easier to fill in the text file and mail it, as opposed to going to the web site. But it defeats the whole purpose of having an encrypted password.
I think it does its role exactly as intended - a level of security above MAIL-FROM (essentially no security) without requiring complicated software on the user end. If you want complete security, you need some sort of digital signature, which is precisely why they also offer PGP.
Are people still having trouble with PGP, or has it been fixed?
Don't know, most everything we do is with our role account, which has to be CRYPT-PW rather than PGP since various programs generate requests automatically, which would be difficult to do with PGP. John Tamplin Traveller Information Services jat@Traveller.COM 2104 West Ferry Way 256/705-7007 - FAX 256/705-7100 Huntsville, AL 35801
On Mon, Sep 28, 1998 at 07:18:25PM -0400, Steven J. Sobol wrote:
Note that CRYPT-PW apparently only refers to how the passwords are stored on the InterNIC's servers; they're sent in plaintext when you e-mail the form.
Well, you know... no. I've seen the mail generated when you fill in the webform, and choose CRYPT-PW. The CGI script encrypts the cleartext password, and that's what's in the field in the email when it's mailed to you for forwarding.
Jay, my friend, I hate to be argumentative, but...
Authorization 0a. (N)ew (M)odify (D)elete.........: M 0b. Auth Scheme.....................: CRYPT-PW 0c. Auth Info.......................: sj.3989.
That is indeed the password associated with my NIC handle. Or was, anyhow. I've since changed it.
That was in the e-mail sent to me, which was not PGP'd or encrypted in any way.
They've changed it, then. When I last used CRYPT-PW to register a domain, I entered my password into the webform and the mail I was sent to forward back in had a crypt(2) looking string in that position.
For that matter, the OLD password is not encrypted on the contact form if you are modifying contact information for a certain handle, either.
The entire operation is pretty teen-age, as fas as I'm concerned.
I guess that is supposed to make it easier to fill in the text file and mail it, as opposed to going to the web site. But it defeats the whole purpose of having an encrypted password.
Quite. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff "The net is safer in bad weather: you The Suncoast Freenet can't run a backhoe Tampa Bay, Florida in a hurricane." (after Sean Donelan) +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com
participants (7)
-
jamie@dilbert.ais.net
-
Jared Mauch
-
Jay R. Ashworth
-
John A. Tamplin
-
Marc Slemko
-
Steven J. Sobol
-
william@pacific.net.ph