nanog mailing list archives

Re: Verisign Responds

From: "Wayne E. Bouchard" <web () typo org>
Date: Wed, 24 Sep 2003 13:11:48 -0700

The fact of the change is operational. The specifics may not be. In
this case, you've gone beyond general operational content and started
to delve into protocol specifications and the implementation thereof
for which there is a dedicated list in which there are people with
quite a bit more average knowledge and experience in the matter than
folks here.

IMO, namedroppers is deffinitely the better forum.

On Wed, Sep 24, 2003 at 02:46:06PM -0500, Jack Bates wrote:


Paul Vixie wrote:

you are confused. and in any case this is off-topic. take it to 
namedroppers,
but before you do, please read rfc's 1033, 1034, 1035, 2136, 2181, and 
2317.


Can someone please tell me how a change to a critical component of the 
Internet which has the capacity to cause harm is not an operational issue?

A TLD issues a wildcard. Instead of discovering if records match the 
wildcard and returning NXDOMAIN (which is what everone wanted), the 
software was designed to restrict records based on delegation.

Delegation was not broken. The changes made allow engineers to break it. 
I'd consider this an issue. Reports have already come in of all the 
various domains that people will mandate delegate-only for. For the 
record, .museum was listed several times despite the request in 
documentation to not force delegation, as were other zones.

In fact, many people were confused. They didn't understand what zone 
delegation was. For the record, I've read all the RFC's you posted. To 
many, it's an issue of wildcards. Yet BIND didn't solve the wildcard 
problem. It solved a delegation problem, which was not only "not broken" 
but has traditional use.

Which "countermeasures" being implemented did the IAB have an issue 
with? I wonder since their arguement against the wildcards was the fact 
that it breaks traditional use. BIND now easily breaks traditional use.

-Jack


---
Wayne Bouchard
web () typo org
Network Dude
http://www.typo.org/~web/

Attachment: _bin
Description:

Current thread:

Re: Verisign Responds, (continued)
- - - Re: Verisign Responds Dave Crocker (Sep 23)
    - Re: Verisign Responds Jim Segrave (Sep 24)
    - Re: Verisign Responds Eliot Lear (Sep 24)
    - Re: Verisign Responds Jack Bates (Sep 23)
    - Re: Verisign Responds Paul Vixie (Sep 23)
    - Re: Verisign Responds Jack Bates (Sep 24)
    - Re: Verisign Responds Paul Vixie (Sep 24)
    - Re: Verisign Responds Jack Bates (Sep 24)
    - Re: Verisign Responds Paul Vixie (Sep 24)
    - Re: Verisign Responds Jack Bates (Sep 24)
    - Re: Verisign Responds Wayne E. Bouchard (Sep 24)
- Verisign Responds David Lesher (Sep 22)
- Re: Verisign Responds Rich Braun (Sep 23)
- Re: Verisign Responds Michael . Dillon (Sep 24)
- Re: Verisign Responds Michael . Dillon (Sep 25)
- Re: Verisign Responds Michael . Dillon (Sep 25)