Hi Joe, If you saw the mail exchange between Sandra and I, you will notice she mentioned the reason they have to go ahead with SIDR even though we have tools available from RIPE. What I have been trying to do is to figure out weaknesses. in the current infrastructure to get a secure behavior. As a first step I found out this weakness and updated RIPE/ Daniel about the same.
As we discussed earlier SIDR does not provide a totally secure infrastructure. The point here is that SIDR is giving some very basic improvements in the security, generally in the non-malicious case. The idea is can we get a similar security with the current infrastructure, by doing minor improvements. There is a certain cost involved with the SIDR infrastructure. I do not think the SSL channel has not been done because it is unnecessary. I guess there hasn't been an attack on that side of the infrastructure yet, but these are well known issues/ attacks in other fields. Thanks, Vishwas On Tue, Mar 4, 2008 at 7:43 AM, Joe Abley <[EMAIL PROTECTED]> wrote: > > On 4-Mar-2008, at 10:36, Vishwas Manral wrote: > > > To further explain it. In my view SSL is the right protocol for this > > kind of transaction (we could use IPSec with BTNS too though). As the > > idea is to get the information from the right server, the client > > itself could be any one. > > That seems like a feasible band-aid over the deficiencies of the > existing service, although it's clearly no panacea. It also has the > practical problem that existing scripts that use whois would need > modification, although the whois "protocol" and client are so trivial > that it would presumably be straightforward for someone to implement a > change to the (say) BSD client to implement an SSL wrapper with server- > side certificate verification. > > Allowing the integrity of the data itself to be trusted (e.g. using > the resource certification work) seems like a more appropriate > direction than worrying about the security of data retrieval, though, > which perhaps explains why SSL-wrapping whois has not already been > done by anybody. > > > Joe > > _______________________________________________ Sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
