Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-26 Thread Ross Tajvar
>-Original Message- > >From: NANOG [mailto:nanog-bounces+kmedcalf=dessus@nanog.org] On > >Behalf Of Seth Mattinen > >Sent: Tuesday, 26 February, 2019 09:36 > >To: nanog@nanog.org > >Subject: Re: 2FA, was A Deep Dive on the Recent Widespread DNS > >

Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-26 Thread Hunter Fuller
On Tue, Feb 26, 2019 at 9:56 PM Keith Medcalf wrote: > I did write my own TOTP client. However, why do you assume that I am talking > about a TOTP client and not the referred webpage which requires the > unfettered execution of third-party (likely malicious) javascript in order to > view? Not

RE: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-26 Thread Keith Medcalf
sday, 26 February, 2019 09:36 >To: nanog@nanog.org >Subject: Re: 2FA, was A Deep Dive on the Recent Widespread DNS >Hijacking > >On 2/25/19 9:59 PM, Keith Medcalf wrote: >> Are you offering an indemnity in case that code is malicious? What >are the terms and the amount

Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-26 Thread Matthew Petach
On Tue, Feb 26, 2019 at 9:51 AM wrote: > On Tue, 26 Feb 2019 08:36:11 -0800, Seth Mattinen said: > > On 2/25/19 9:59 PM, Keith Medcalf wrote: > > > Are you offering an indemnity in case that code is malicious? What > are the > > > terms and the amount of the indemnity? > > > Anyone who is that p

Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-26 Thread valdis . kletnieks
On Tue, 26 Feb 2019 08:36:11 -0800, Seth Mattinen said: > On 2/25/19 9:59 PM, Keith Medcalf wrote: > > Are you offering an indemnity in case that code is malicious? What are the > > terms and the amount of the indemnity? > Anyone who is that paranoid should read the RFC and write their own TOTP

Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-26 Thread Seth Mattinen
On 2/25/19 9:59 PM, Keith Medcalf wrote:
> Are you offering an indemnity in case that code is malicious? What are the terms and the amount of the indemnity?

Anyone who is that paranoid should read the RFC and write their own TOTP client that lets them indemnify themselves from their own code.

Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-25 Thread Job Snijders
Keith, On Tue, Feb 26, 2019 at 6:00 AM Keith Medcalf wrote: > >https://twofactorauth.org/#domains gives a good view of the domain > >management landscape regarding 2FA. > > Seems to require the unfettered execution of third-party code ... > > Are you offering an indemnity in case that code is mal

RE: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-25 Thread Keith Medcalf
>https://twofactorauth.org/#domains gives a good view of the domain
>management landscape regarding 2FA.

Seems to require the unfettered execution of third-party code ... Are you offering an indemnity in case that code is malicious? What are the terms and the amount of the indemnity?

--- The

Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-25 Thread Rubens Kuhl
On Tue, Feb 26, 2019 at 12:14 AM John Levine wrote: > In article <24679.1551146...@turing-police.cc.vt.edu> you write: > >So what registries/registrars are supporting 2FA that's better than SMS? > > Opensrs does TOTP. It's certainly not bulletproof, but it's tied to > your actual phone rather th

Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-25 Thread John Levine
In article <24679.1551146...@turing-police.cc.vt.edu> you write:
>So what registries/registrars are supporting 2FA that's better than SMS?

Opensrs does TOTP. It's certainly not bulletproof, but it's tied to your actual phone rather than the phone number. (We careful folk put our TOTP keys on a c