Mailing List Archive

The Guardian
Can someone please explain what the Guardian is?

----- Forwarded message from Charles Ritter <critter@sanjose.etla.net> -----

Date: Wed, 29 Sep 1999 20:46:27 -0700 (PDT)
From: Charles Ritter <critter@sanjose.etla.net>
To: webmaster@gnupg.org
Subject: GPG and Network Solutions

Do keys generated with GPG work with Network Solutions' "Guardian"
registration system?

This will probably start to be a common question, so maybe you want to
post it on gnupg.org for others.

Thanks
Charles Ritter



----- End forwarded message -----

--
Werner Koch at guug.de www.gnupg.org keyid 621CC013
Re: The Guardian
See http://www.networksolutions.com/help/registration/guardian.html .
Guardian summarizes the 3 levels of protection available to reach your NIC
records.

MAIL-FROM
Description: Changes come from a registered e-mail address

Encrypted password (CRYPT-PW)
Description: Changes are sent with a registered, encrypted password

Pretty Good Privacy (PGP)
Description: A PGP key is used to sign and authenticate registration
changes

See http://www.networksolutions.com/guardian/pgp.html for more about the
use of PGP with NetworkSolutions' mail server.

On Thu, 30 Sep 1999, Werner Koch wrote:
> Can someone please explain what the Guardian is?
>
> ----- Forwarded message from Charles Ritter <critter@sanjose.etla.net> -----
>
> Date: Wed, 29 Sep 1999 20:46:27 -0700 (PDT)
> From: Charles Ritter <critter@sanjose.etla.net>
> To: webmaster@gnupg.org
> Subject: GPG and Network Solutions
>
> Do keys generated with GPG work with Network Solutions' "Guardian"
> registration system?
>
> This will probably start to be a common question, so maybe you want to
> post it on gnupg.org for others.

Benoît Rigaut %^)
Re: The Guardian
On Thu, Sep 30, 1999 at 10:59:49AM +0200, Benoit Rigaut wrote:
> Pretty Good Privacy (PGP)
> Description: A PGP key is used to sign and authenticate registration
> changes

Despite what the web pages say, this has not been offered for a
while now. Try it; you'll get a message after a few days that PGP
is no longer available and suggesting that you use MAIL-FROM. I
don't know if CRYPT-PW is still offered or not. I bet it isn't;
it's just more work for them.

> > Do keys generated with GPG work with Network Solutions' "Guardian"
> > registration system?

They did, I think.

Who knows a .com/.net/.org registrar that does use a system
compatible with GPG/PGP5.5? I have a couple hundred domains for
the first one who does.

--
Rich Derr, sysadmin Have ssh, Will Telecommute
Web Design Group www.webdesigngroup.com TEL: +1 312 951 6688
Re: The Guardian
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> On Thu, 30 Sep 1999, Werner Koch wrote:
> Can someone please explain what the Guardian is?

At 02:59 -0600 on 9/30/99, Benoit Rigaut wrote:
> See http://www.networksolutions.com/help/registration/guardian.html .
> Guardian summarizes the 3 levels of protection available to reach your NIC
> records.
>
> MAIL-FROM
> Description: Changes come from a registered e-mail address
>
> Encrypted password (CRYPT-PW)
> Description: Changes are sent with a registered, encrypted password
>
> Pretty Good Privacy (PGP)
> Description: A PGP key is used to sign and authenticate registration
> changes
>
> See http://www.networksolutions.com/guardian/pgp.html for more about the
> use of PGP with NetworkSolutions' mail server.


The Guardian protection applies to Contact records, and is used to
authenticate changes requested by those contacts to Domain records among
others.

In the real world, Network Solutions doesn't really understand PGP. Here are
some caveats:

1) Send your key in to their key server periodically. They sometimes forget
about keys they already have (they choose to not obtain keys from a global
key server). If they have forgotten about your key, they will send you an
error message that only indicates that the key you specified is not valid.

2) They will not discover the key ID used by reading the PGP packets, the way
everyone else uses PGP. Instead, you must place the key ID in the auth info
field. If you typo the ID, they will send you an error message that only
indicates that the key you specified is not valid.

3) Don't even think of doing PGP/MIME signing. If you use PGP/MIME, they
will send you an error message that only indicates that the key you specified
is not valid.

4) Sometimes they just send you an error message that only indicates that the
key you specified is not valid because they feel like doing so.

In the end, any problems they have with gnupg keys will be difficult to debug
because of their insane use of PGP and their worthless error reporting.


Richard

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: www.europarl.eu.int/dg4/stoa/en/publi/166499/execsum.htm

iQA/AwUBN/NztWKSuJuuNAZUEQJkNgCdFtaCEdCYtNx6s8v1ctT+YhO+7UgAn05v
qJz8YfPQfK7NPSSbXJzSTRjS
=meDS
-----END PGP SIGNATURE-----
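Caveats 2 and 3 in the post above, shown as an added example that is not part of the original post: the signature packet itself records the signing key ID, so a sender can compare it with the ID typed into the auth info field before mailing a request. The function names and the `declared` parameter are hypothetical, the auth info field format is not given in the thread, and only old-format version 3 signature packets (the kind attached to the post above) are parsed.

```python
import base64

# Signature armor copied from the signed post above (Comment header dropped).
# The signed body is elided: this reads the packet header, it verifies nothing.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(body elided)
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1

iQA/AwUBN/NztWKSuJuuNAZUEQJkNgCdFtaCEdCYtNx6s8v1ctT+YhO+7UgAn05v
qJz8YfPQfK7NPSSbXJzSTRjS
=meDS
-----END PGP SIGNATURE-----
"""

def signature_packet(text):
    """Decode the armored signature of an inline clearsigned message."""
    if "-----BEGIN PGP SIGNED MESSAGE-----" not in text:
        raise ValueError("not inline clearsigned (PGP/MIME or unsigned)")
    armor = text.split("-----BEGIN PGP SIGNATURE-----", 1)[1]
    armor = armor.split("-----END PGP SIGNATURE-----", 1)[0]
    lines = [l.strip() for l in armor.splitlines()[1:]]
    data = lines[lines.index("") + 1:]      # armor headers end at a blank line
    # Drop the "=xxxx" CRC line; base64 data lines never start with "=".
    return base64.b64decode("".join(l for l in data if not l.startswith("=")))

def issuer_key_id(pkt):
    """Key ID recorded in an old-format, version 3 signature packet."""
    if pkt[0] & 0xFC != 0x88 or pkt[0] & 3 == 3:
        raise ValueError("not an old-format signature packet")
    body = pkt[1 + (1, 2, 4)[pkt[0] & 3]:]  # skip tag and length octets
    if body[0] != 3:
        raise ValueError("only version 3 signatures are parsed here")
    # v3 layout: version, 5, sig type, 4-byte time, then the 8-byte key ID
    return body[7:15].hex().upper()

def check_submission(text, declared):
    """declared: key ID typed into the auth info field (hypothetical input)."""
    try:
        actual = issuer_key_id(signature_packet(text))
    except (ValueError, IndexError) as exc:
        return f"reject: {exc}"
    want = declared.upper().removeprefix("0X")
    ok = len(want) in (8, 16) and actual.endswith(want)
    return "ok" if ok else f"mismatch: signed by {actual}"
```

A PGP/MIME message or a mistyped ID yields a specific reason here, unlike the single "key is not valid" reply the post describes.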
Re: The Guardian
> Despite what the web pages say, this has not been offered for a
>while now. Try it; you'll get a message after a few days that PGP
>is no longer available and suggesting that you use MAIL-FROM. I
>don't know if CRYPT-PW is still offered or not. I bet it isn't;
>it's just more work for them.

It is. I've just switched over to it. Mail-from is too easy to fake,
these days.

> Who knows a .com/.net/.org registrar that does use a system
>compatible with GPG/PGP5.5? I have a couple hundred domains for
>the first one who does.

My domains will go to practically anyone except netsol, when this
becomes possible...

Roger

--
Roger Burton West -/- roger@firedrake.org
http://www.firedrake.org/roger/ -/- ICQ UIN 48964316, occasionally
"Used to be you could be sure that a warrior was true;
Nowadays everyone knows that it's cool to be blue..."