nanog mailing list archives
Re: data request on Sitefinder
From: Kee Hinckley <nazgul () somewhere com>
Date: Mon, 20 Oct 2003 13:31:41 -0400
At 10:59 AM -0400 10/20/03, Steve Bellovin wrote:
So -- how much notice would the operator community want before deploying new software? What about for enterprises? (We all know that stuff *can* be deployed more quickly in emergency circumstances. We also know the problems that that can lead to, which is why we generally want testing and controlled deployment.)
I don't even want to start down that path. If we were talking normal software development and deployment schedules we'd be talking six months to a year from notice to the software company to deployment. But obviously that isn't going to happen. As a software developer I'd want at least 30-60 days to do development and testing. As a service provider thought, I'm pretty conservative about updating my servers. And of course this change probably wouldn't be back-patched into old versions, so that means I'm biting off all kinds of other changes that I need to test as well.
More importantly--Verisign needs to deploy alternate servers so it's actually possible to test software against the changes they propose to make. Otherwise we're just running around guessing what the behavior is going to be.
But fundamentally the problem is this. There is no way to handle root wildcards by various registries in a standard and reliable way. Verisign has not even been able to provide code for how to handle *their* wildcard in a reliable way. Each registry may implement different features with different behaviors. What works for one won't necessarily work for another. And every time any one of them changes, or a new registry is added, every single piece of software that relies on a particular behavior has to be checked and possibly patched. We can't afford to run the internet that way.
-- Kee Hinckley http://www.messagefire.com/ Next Generation Spam Defense http://commons.somewhere.com/buzz/ Writings on Technology and Society I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's.
Current thread:
- data request on Sitefinder Steve Bellovin (Oct 20)
- RE: data request on Sitefinder Jeroen Massar (Oct 20)
- RE: data request on Sitefinder Howard C. Berkowitz (Oct 20)
- Re: data request on Sitefinder todd glassey (Oct 20)
- RE: data request on Sitefinder Jeroen Massar (Oct 20)
- sclavos interview (Re: data request on Sitefinder) Paul Vixie (Oct 20)
- RE: data request on Sitefinder Howard C. Berkowitz (Oct 20)
- RE: data request on Sitefinder Jeroen Massar (Oct 20)
- Re: data request on Sitefinder Kee Hinckley (Oct 20)
- Re[2]: data request on Sitefinder Richard Welty (Oct 20)
- Re: data request on Sitefinder Owen DeLong (Oct 20)
- Re: data request on Sitefinder todd glassey (Oct 20)
- Re: data request on Sitefinder William Allen Simpson (Oct 20)
- Re[2]: data request on Sitefinder Richard Welty (Oct 20)
- Re: data request on Sitefinder Steven M. Bellovin (Oct 20)
- Re: data request on Sitefinder Dave Israel (Oct 20)
- Re[2]: data request on Sitefinder Richard Welty (Oct 20)
- Re[2]: data request on Sitefinder Howard C. Berkowitz (Oct 20)
- Re[3]: data request on Sitefinder Richard Welty (Oct 20)