This is too trivial for words. We do SSL authenticated registrations for
our normal order processing, using CC transactions. I have always wondered
why NSI can't run both SSL and take immediate CC payments for
domain-registrations. It's not like they don't have the cash to make this
happen. It also wouldn't hurt to set up some ssh-forwarded ports and drop
the whole mess behind a firewall either.
Run of the mill SSL does not protect against client forgery or impersonation.
It protects against transmission wiretapping and some types of server
impersonation. I can use a forged credit card number with SSL.
Encryption is not a magic wand.
On the other hand, security is a pain. I know I haven't taken advantage
of all the security features NSI offers for all the objects I have registered
over the years. The Guardian workflow process is still annoyingly
convoluted enough, the default ends up being no protection if you miss or
forget any of the steps. I guess it makes sense from NSI's point of view,
cutting down on the number of 'lost' password or PGP key calls.
Tell me again, what's your mother's maiden name?
This is too trivial for words. We do SSL authenticated registrations for
our normal order processing, using CC transactions. I have always wondered
why NSI can't run both SSL and take immediate CC payments for
domain-registrations. It's not like they don't have the cash to make this
happen. It also wouldn't hurt to set up some ssh-forwarded ports and drop
the whole mess behind a firewall either.
Run of the mill SSL does not protect against client forgery or impersonation.
It protects against transmission wiretapping and some types of server
impersonation. I can use a forged credit card number with SSL.
With Certs it sure does. So does SSH.
Encryption is not a magic wand.
Like with any wand, one must know how to use it.
On the other hand, security is a pain. I know I haven't taken advantage
of all the security features NSI offers for all the objects I have registered
over the years. The Guardian workflow process is still annoyingly
convoluted enough, the default ends up being no protection if you miss or
forget any of the steps. I guess it makes sense from NSI's point of view,
cutting down on the number of 'lost' password or PGP key calls.
One can set up secure automated processes for all of this, that's what MHSC
actually does. Security *doesn't* have to be a PITA. It only becomes such
when the designer is either incompetent or lazy.
On the other hand, security is a pain. I know I haven't taken advantage
of all the security features NSI offers for all the objects I have registered
over the years. The Guardian workflow process is still annoyingly
convoluted enough, the default ends up being no protection if you miss or
forget any of the steps. I guess it makes sense from NSI's point of view,
cutting down on the number of 'lost' password or PGP key calls.
<rant>
And here we are in the UK with a basically pretty smooth system using PGP
that lets us register/alter domains with seconds being the timeframe and
mistakes a major rarity. Plenty of times that by the time the mail program
has refreshed its inbox listing, the reply saying "done" is already back
from Nominet. Sure - it could be lots better still and many good
suggestions seem to take an age to happen. Sure - it couldn't cope with
InterNIC's load. But the thing works and shows there's no real excuse for
InterNIC to mess up so often so badly for so long.
</rant>