On 4-Mar-2008, at 10:36, Vishwas Manral wrote:

> To further explain it. In my view SSL is the right protocol for this
> kind of transaction (we could use IPSec with BTNS too though). As the
> idea is to get the information from the right server, the client
> itself could be any one.

That seems like a feasible band-aid over the deficiencies of the existing service, although it's clearly no panacea. It also has the practical problem that existing scripts that use whois would need modification, although the whois "protocol" and client are so trivial that it would presumably be straightforward for someone to implement a change to the (say) BSD client to implement an SSL wrapper with server-side certificate verification.

Allowing the integrity of the data itself to be trusted (e.g. using the resource certification work) seems like a more appropriate direction than worrying about the security of data retrieval, though, which perhaps explains why SSL-wrapping whois has not already been done by anybody.

Joe
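
The SSL wrapper with server-side certificate verification discussed in the message above, as an added example that is not part of the original thread or of any existing whois client. The function names are hypothetical, and the port is left to the caller as an assumption because the message names no TLS port for whois.

```python
import socket
import ssl


def make_verifying_context(cafile=None):
    """TLS context that authenticates the server (chain and hostname checks)."""
    # create_default_context() sets CERT_REQUIRED and check_hostname=True.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def whois_exchange(sock, query):
    """Plain whois framing (RFC 3912): one CRLF-terminated query line,
    then read the reply until the server closes the connection."""
    if "\r" in query or "\n" in query:
        # A second line would be interpreted by the server as extra input.
        raise ValueError("query must be a single line")
    sock.sendall(query.encode("ascii") + b"\r\n")
    chunks = []
    while True:
        data = sock.recv(4096)
        if not data:
            break
        chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def whois_over_tls(server, port, query, context=None, timeout=10.0):
    """Run a whois query inside TLS; 'port' is an assumption supplied by the caller."""
    context = context or make_verifying_context()
    with socket.create_connection((server, port), timeout=timeout) as raw:
        # The handshake raises ssl.SSLCertVerificationError when the chain is
        # untrusted or the certificate does not match 'server', so no query is
        # sent to an unauthenticated peer.
        with context.wrap_socket(raw, server_hostname=server) as tls:
            return whois_exchange(tls, query)
```

This authenticates the server and protects the reply in transit only; it says nothing about whether the registry data itself is correct, which is the distinction the message draws.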
