[Dundi] Looking Glass
Scott Wolf
lists at aginet.com
Sat Oct 30 18:07:16 CDT 2004
Mark Spencer wrote:
>> If a person was able to look up a number i publish into the peering
>> network, would that not be enough evidence they have executed the
>> GPA. I see no other way they could get ahold of the current rotating
>> key without a GPA in place with some member.
>
>
> After discussion with Ed, we propose the following authentication
> method which we believe would likely be in line with the letter and
> spirit of the GPA:
>
> Require the user to send a password over SSL which is the md5sum of
> the answer to a particular query for a number. By requiring the
> answer to a specific number, with rotating secret, served by the
> authenticating party, they are proving that the party requesting
> access is a member of the Trust Group. Further, by sending the
> md5sum, the party requesting access is not in violating the GPA by
> transmiting route information.
>
> Mark
> _______________________________________________
> Dundi mailing list
> Dundi at lists.digium.com
> http://lists.digium.com/mailman/listinfo/dundi
This is very similar to what I proposed on irc the other night. I had
not though of using md5, and therefor was not sure how to get around
disclosing the route to verify access. I will try and implement this
tomorow into the LG code.
Scott Wolf
More information about the Dundi
mailing list