[Dundi] Looking Glass
Joe Abley
jabley at automagic.org
Sat Oct 30 21:37:49 CDT 2004
On 30 Oct 2004, at 18:18, Mark Spencer wrote:
>> If a person was able to look up a number i publish into the peering
>> network, would that not be enough evidence they have executed the
>> GPA. I see no other way they could get ahold of the current rotating
>> key without a GPA in place with some member.
>
> After discussion with Ed, we propose the following authentication
> method which we believe would likely be in line with the letter and
> spirit of the GPA:
>
> Require the user to send a password over SSL which is the md5sum of
> the answer to a particular query for a number. By requiring the
> answer to a specific number, with rotating secret, served by the
> authenticating party, they are proving that the party requesting
> access is a member of the Trust Group. Further, by sending the
> md5sum, the party requesting access is not in violating the GPA by
> transmiting route information.
Why require SSL?
Joe
More information about the Dundi
mailing list