[Dundi] Looking Glass

Scott Wolf lists at aginet.com
Sat Oct 30 18:07:16 CDT 2004


Mark Spencer wrote:

>> If a person was able to look up a number i publish into the peering 
>> network, would that not be enough evidence they have executed the 
>> GPA. I see no other way they could get ahold of the current rotating 
>> key without a GPA in place with some member.
>
>
> After discussion with Ed, we propose the following authentication 
> method which we believe would likely be in line with the letter and 
> spirit of the GPA:
>
> Require the user to send a password over SSL which is the md5sum of 
> the answer to a particular query for a number.  By requiring the 
> answer to a specific number, with rotating secret, served by the 
> authenticating party, they are proving that the party requesting 
> access is a member of the Trust Group.  Further, by sending the 
> md5sum, the party requesting access is not in violating the GPA by 
> transmiting route information.
>
> Mark
> _______________________________________________
> Dundi mailing list
> Dundi at lists.digium.com
> http://lists.digium.com/mailman/listinfo/dundi

This is very similar to what I proposed on irc the other night. I had 
not though of using md5, and therefor was not sure how to get around 
disclosing the route to verify access. I will try and implement this 
tomorow into the LG code.

Scott Wolf


More information about the Dundi mailing list