Guardian for ARIN
Lee Howard
lee.howard at mci.com
Fri May 2 13:50:37 UTC 2003
ARIN presented plans toward authentication at the recent Public Policy
Meeting:
http://www.arin.net/library/minutes/ARIN_XI/PDF/Tuesday/9_Authentication_Christensen.pdf
or
http://www.arin.net/library/minutes/ARIN_XI/PPT/Tuesday/9_Authentication_Christensen.ppt
Isn't it nice when they're responsive?
Lee
On Fri, 2 May 2003, Sean Donelan wrote:
> Date: Fri, 02 May 2003 01:09:01 -0400 (EDT)
> From: Sean Donelan <sean at donelan.com>
> To: nanog at merit.edu
> Subject: Guardian for ARIN
>
>
> Once upon a time, NSI handled both domain names and network addresses.
>
> NSI originally only checked the sender of the e-mail address matched its
> database. Spoofing the sender of an e-mail address is/was trivial, and
> eventually several domain names were hijacked by other unauthorized
> individuals.
>
> NSI added "Guardian" to their template process. Guardian permitted the
> points of contact (NIC-Handle) for objects in the NSI database to add a
> password (and allegedly a PGP key) to their records. Only templates using
> the correct password would be processed. Since NSI handled both names and
> numbers, a password on NIC-Handle protected both names and networks.
>
> ARIN was formed, and the duties associated with IP numbers (AS and IP
> addresses) were transfered to the new ARIN. However, Guardian or some
> alternative didn't seem to get transferred. So we're back to anyone
> who can spoof the point of contacts e-mail address can make changes
> to the ARIN records.
>
> Is it time for ARIN to re-add security to their database update
> procedures?
>
>
More information about the NANOG
mailing list