[62969] in North American Network Operators' Group


Re: Verisign Responds

daemon@ATHENA.MIT.EDU (Wayne E. Bouchard)
Wed Sep 24 16:15:11 2003

Date: Wed, 24 Sep 2003 13:11:48 -0700
From: "Wayne E. Bouchard" <web@typo.org>
To: Jack Bates <jbates@brightok.net>
Cc: nanog@merit.edu
In-Reply-To: <3F71F47E.9020600@brightok.net>
Errors-To: owner-nanog-outgoing@merit.edu




The fact of the change is operational. The specifics may not be. In
this case, you've gone beyond general operational content and started
to delve into protocol specifications and the implementation thereof
for which there is a dedicated list in which there are people with
quite a bit more average knowledge and experience in the matter than
folks here.

IMO, namedroppers is definitely the better forum.

On Wed, Sep 24, 2003 at 02:46:06PM -0500, Jack Bates wrote:
>
> Paul Vixie wrote:
>
> >you are confused. and in any case this is off-topic. take it to
> >namedroppers,
> >but before you do, please read rfc's 1033, 1034, 1035, 2136, 2181, and
> >2317.
>
> Can someone please tell me how a change to a critical component of the
> Internet which has the capacity to cause harm is not an operational issue?
>
> A TLD issues a wildcard. Instead of discovering if records match the
> wildcard and returning NXDOMAIN (which is what everyone wanted), the
> software was designed to restrict records based on delegation.
>
> Delegation was not broken. The changes made allow engineers to break it.
> I'd consider this an issue. Reports have already come in of all the
> various domains that people will mandate delegate-only for. For the
> record, .museum was listed several times despite the request in
> documentation to not force delegation, as were other zones.
>
> In fact, many people were confused. They didn't understand what zone
> delegation was. For the record, I've read all the RFC's you posted. To
> many, it's an issue of wildcards. Yet BIND didn't solve the wildcard
> problem. It solved a delegation problem, which was not only "not broken"
> but has traditional use.
>
> Which "countermeasures" being implemented did the IAB have an issue
> with? I wonder since their argument against the wildcards was the fact
> that it breaks traditional use. BIND now easily breaks traditional use.
>
> -Jack
>

---
Wayne Bouchard
web@typo.org
Network Dude
http://www.typo.org/~web/
