Guardian for ARIN

Lee Howard lee.howard at
Fri May 2 13:50:37 UTC 2003

ARIN presented plans toward authentication at the recent Public Policy


Isn't it nice when they're responsive?


On Fri, 2 May 2003, Sean Donelan wrote:

> Date: Fri, 02 May 2003 01:09:01 -0400 (EDT)
> From: Sean Donelan <sean at>
> To: nanog at
> Subject: Guardian for ARIN
> Once upon a time, NSI handled both domain names and network addresses.
> NSI originally only checked the sender of the e-mail address matched its
> database.  Spoofing the sender of an e-mail address is/was trivial, and
> eventually several domain names were hijacked by other unauthorized
> individuals.
> NSI added "Guardian" to their template process.  Guardian permitted the
> points of contact (NIC-Handle) for objects in the NSI database to add a
> password (and allegedly a PGP key) to their records.  Only templates using
> the correct password would be processed. Since NSI handled both names and
> numbers, a password on NIC-Handle protected both names and networks.
> ARIN was formed, and the duties associated with IP numbers (AS and IP
> addresses) were transfered to the new ARIN.  However, Guardian or some
> alternative didn't seem to get transferred.  So we're back to anyone
> who can spoof the point of contacts e-mail address can make changes
> to the ARIN records.
> Is it time for ARIN to re-add security to their database update
> procedures?

More information about the NANOG mailing list