WARNING: AOL is hosed (again)

Sean Donelan SEAN at SDG.DRA.COM
Fri Oct 16 21:01:02 UTC 1998


>This is too trivial for words. We do SSL authenticated registrations for
>our normal order processing, using CC transactions. I have always wondered
>why NSI can't run both SSL and take immediate CC payments for
>domain-registrations. It's not like they don't have the cash to make this
>happen. It also wouldn't hurt to set up some ssh-forwarded ports and drop
>the whole mess behind a firewall either.

Run-of-the-mill SSL does not protect against client forgery or impersonation.
It protects against transmission wiretapping and some types of server
impersonation.  I can use a forged credit card number with SSL.

Encryption is not a magic wand.

On the other hand, security is a pain.  I know I haven't taken advantage
of all the security features NSI offers for all the objects I have registered
over the years.  The Guardian workflow process is still annoyingly
convoluted enough, the default ends up being no protection if you miss or
forget any of the steps.  I guess it makes sense from NSI's point of view,
cutting down on the number of 'lost' password or PGP key calls.

Tell me again, what's your mother's maiden name?
-- 
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
  Affiliation given for identification not representation



