WARNING: AOL is hosed (again)
Sean Donelan
SEAN at SDG.DRA.COM
Fri Oct 16 21:01:02 UTC 1998
>This is too trivial for words. We do SSL authenticated registrations for
>our normal order processing, using CC transactions. I have always wondered
>why NSI can't run both SSL and take immediate CC payments for
>domain-registrations. It's not like they don't have the cash to make this
>happen. It also wouldn't hurt to set up some ssh-forwarded ports and drop
>the whole mess behind a firewall either.
Run of the mill SSL does not protect against client forgery or impersonation.
It protects against transmission wiretapping and some types of server
impersonation. I can use a forged credit card number with SSL.
Encryption is not a magic wand.
On the other hand, security is a pain. I know I haven't taken advantage
of all the security features NSI offers for all the objects I have registered
over the years. The Guardian workflow process is still annoyingly
convoluted enough, the default ends up being no protection if you miss or
forget any of the steps. I guess it makes sense from NSI's point of view,
cutting down on the number of 'lost' password or PGP key calls.
Tell me again, what's your mother's maiden name?
--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation