[Dundi] Looking Glass
Mark Spencer
markster at digium.com
Sat Oct 30 17:18:51 CDT 2004
> If a person was able to look up a number i publish into the peering network,
> would that not be enough evidence they have executed the GPA. I see no other
> way they could get ahold of the current rotating key without a GPA in place
> with some member.
After discussion with Ed, we propose the following authentication method
which we believe would likely be in line with the letter and spirit of the
GPA:
Require the user to send a password over SSL which is the md5sum of the
answer to a particular query for a number. By requiring the answer to a
specific number, with rotating secret, served by the authenticating party,
they are proving that the party requesting access is a member of the Trust
Group. Further, by sending the md5sum, the party requesting access is not
in violating the GPA by transmiting route information.
Mark
More information about the Dundi
mailing list