Re: anyone remember when the root servers were hi-jacked? (fwd)
Craig Simon wrote: > I've got a lot of information on this which I'd be happy to share and > exchange, but I still need and want more details. I'm not sure the IETF > list is the best place to discuss this matter, however, and if anyone > can suggest an alternative site, I'd gladly participate there. Consider the internet-history list. More info at http://www.postel.org/internet-history/. --aaron
Re: anyone remember when the root servers were hi-jacked? (fwd)
I've got a lot of information on this which I'd be happy to share and exchange, but I still need and want more details. I'm not sure the IETF list is the best place to discuss this matter, however, and if anyone can suggest an alternative site, I'd gladly participate there. Please be aware that I got it partly wrong in my 1998 paper that Michael Froomkin cited regarding that incident. I apologize for a misstatement which may have been widely propagated. To clarify, the server operators who complied with the redirection request were pulling the root zone from a separate machine at ISI -- DNSROOT.IANA.ORG -- not B. The research I've done on this is a central part of my Ph.D. dissertation. Anyone who has been holding their breath waiting to read it is long dead by now, but I am advancing. It's interesting stuff. I don't have any after-the-fact explanation from Jon Postel himself regarding his motivation, but I disagree with the statement that his goal was to "embarrass" the USG. Though it's fair to say that he was acting partly in reaction to pressures from members of CORE, I think his primary rationale was a deeply held conception of loyalty to the Internet community and its processes. I argue that he put that sense of loyalty ahead of loyalty to the officers of the US Government and their clearly stated wishes, as expressed by Ira Magaziner. It took a plain threat of coercion from the USG to make him bow and reverse the move. The problem of divided loyalty and authority in the Internet community stretches back to RFC 1174, and was tested in the redirection incident. Also, while John Gilmore was evidently an important agent leading the call for the redirection -- at that particular time -- Paul Vixie evidently was not -- at that particular time. Vixie had urged such a move in the past, when the atmosphere was not so charged, but his role in the Jan 1998 episode seems to have been similar to that of the other operators who complied with the request. They went along, even with raised eyebrows, but they trusted Postel's judgment and acted with loyalty to him and the processes he represented. Again, I'd be willing to engage this further, and I'd be thrilled to be set straight if I've got any other flat facts wrong. Right now I'm most interested in getting nitty gritty details about the negotiations between CORE and Ira Magaziner in late 97 early 98, if anyone here can help me with that. I'm even more interested in the September 1995 discussion that ultimately allowed NSI to begin charging for names, but Don Mitchell hasn't answered my emails. Craig Simon Michael Froomkin - U.Miami School of Law wrote: http://www.law.miami.edu/~froomkin/articles/icann-body.htm#B170 tells the story as best I could reconstruct it. There are footnotes to the documents I could find. On Thu, 31 Oct 2002 [EMAIL PROTECTED] wrote: I'm looking for sources of information on the hi-jacking of the usg root servers by Postel, Gilmore and Vixie. Anyone remember this? It was on Jan 27 1998 when postel convenced a number of the root operators to switch the primary from a root to f root (paul vixie). This seems to have been done to embarrase the federal government - Ira magaziner the presidential science advisor took a birdy and treatened postel with a visit from the men in black. I can understand magaziners disposition at the time. The postel "test" was a day prior to the Jan 28 release of the presidential green paper and left magaziner holding the eggs so to speak. thanks in advance for any links you may have in your archives.
Re: anyone remember when the root servers were hi-jacked? (fwd)
http://www.law.miami.edu/~froomkin/articles/icann-body.htm#B170 tells the story as best I could reconstruct it. There are footnotes to the documents I could find. On Thu, 31 Oct 2002 [EMAIL PROTECTED] wrote: > > I'm looking for sources of information on the hi-jacking of the usg root > servers by Postel, Gilmore and Vixie. > > Anyone remember this? It was on Jan 27 1998 when postel convenced a > number of the root operators to switch the primary from a root to f root > (paul vixie). This seems to have been done to embarrase the federal > government - Ira magaziner the presidential science advisor took a birdy > and treatened postel with a visit from the men in black. > > I can understand magaziners disposition at the time. The postel "test" > was a day prior to the Jan 28 release of the presidential green paper and > left magaziner holding the eggs so to speak. > > thanks in advance for any links you may have in your archives. > > > > > -- Please visit http://www.icannwatch.org A. Michael Froomkin |Professor of Law| [EMAIL PROTECTED] U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA +1 (305) 284-4285 | +1 (305) 284-6506 (fax) | http://www.law.tm -->It's hot here.<--
anyone remember when the root servers were hi-jacked? (fwd)
I'm looking for sources of information on the hi-jacking of the usg root servers by Postel, Gilmore and Vixie. Anyone remember this? It was on Jan 27 1998 when postel convenced a number of the root operators to switch the primary from a root to f root (paul vixie). This seems to have been done to embarrase the federal government - Ira magaziner the presidential science advisor took a birdy and treatened postel with a visit from the men in black. I can understand magaziners disposition at the time. The postel "test" was a day prior to the Jan 28 release of the presidential green paper and left magaziner holding the eggs so to speak. thanks in advance for any links you may have in your archives.
Re: mail headers for announce
On 30 Oct 2002, Perry E. Metzger wrote: > Dave Crocker <[EMAIL PROTECTED]> writes: > > Wednesday, October 30, 2002, 1:38:54 PM, you wrote: > > Perry> As I use Return-Path: headers to filter my mail, this has gotten > > Perry> annoying, Yes, I can indeed kludge around it, but is there a > > Perry> particular reason for this being done? > > > > Using return-path is a bit like paying attention to what mailbox a postal > > letter is dropped into. > > > > looking for ietf-announce in the recipient list works better. > > The recipient list is a pretty poor way to deal with things when you > get mail sent to multiple lists you're on, and often the To: line ends > up with nothing at all. The Return-Path: is generally the surest way > to know which of the lists each of the messages was sent to. I've > tried lots of things over the years, and Return-Path: is what works > the best. I'm on a few hundred mailing lists so the matter is somewhat > important to me. On the other hand, when someone replies to you on most mailing-lists (To: you, Cc: m-l), at least _I_ don't want those hundreds of messages in my inbox, rather in the respective folders (both direct mail and the mailing-list version with Return-Path:). The approach looks suitable if one is relatively passive on the mailing lists. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
[Fwd: HTTP Authentication BOF?]
I've posted this message to the SASL mailing list and got little response. I will try once more. (Please, find me and/or Magnus Nystrom <[EMAIL PROTECTED]> in Atlanta if you have anything to contribute. Preferably on Monday or Tuesday. If there is enough interest, we can have a bar BOF.) Original Message Subject: HTTP Authentication BOF? Date: Mon, 14 Oct 2002 10:36:03 -0600 From: Alexey Melnikov <[EMAIL PROTECTED]> Organization: ACI WorldWide / MessagingDirect To: SASL WG <[EMAIL PROTECTED]> I would like to arrange for a HTTP Authentication BOF. If there is enough interest in this, I will request a formal slot. Discussion would be mostly concentrated on http://www.ietf.org/internet-drafts/draft-nystrom-http-sasl-04.txt, but I would be happy to discuss any other related documents, e.g. draft-brezak-spnego-http-04.txt. Please, send comments to me directly. Cheers, Alexey Melnikov __ R & D, ACI Worldwide/MessagingDirect Watford, UK Work Phone: +44 1923 81 2877 Home Page: http://orthanc.ab.ca/mel I speak for myself only, not for my employer. __
Re: [isdf] RE: Palladium (TCP/MS)
> > > No. You can trace back to the fact that the signed data was at the same > > ^ > > a hash of > > > place as the private key, at the same time. > > I've seen people *who operate CAs* lose sight of the fact that it's > > the hash that's signed, not the full data. > > OK, if you want to be pedantic. ;) > > However, let's remember that although a hash collision is *possible* to > generate, ... My point was not about hash collisions, but rather that the dongle that holds the key often has no idea at all about the meaning of what was signed. And if it's an intruder who caused the signing, there may be no record of the cleartext. If it was a certificate, you can't revoke it because you don't know its serial number or anything else[*] about it. Matt [*] Well, if NameConstraints were implemented you could put a bound on the Subject. That's not much comfort.
