Re: Formal SPAM Complaint filed against Anderson...

2010-05-04 Thread Joe Baptista
Has anyone bothered by Dean considered using filters as a means of dealing
with this?

Joe

On Mon, May 3, 2010 at 2:21 PM, todd glassey  wrote:

> On 5/3/2010 11:06 AM, Arnt Gulbrandsen wrote:
> > On 05/03/2010 07:48 PM, todd glassey wrote:
> >> Maybe Joe but I do not want to be a party to his mailing lists, and he
> >> will not allow me off of them, so I have no choice but to file the spam
> >> complaint.
> >
> > I direct your attention to the IETF's standard for unilateral list
> > unsubscription, RFC 5228 as extended by RFC 5429.
>
> Arnt
> These are extensions for Sendmail. The problem is that Dean created a
> list outside of the IETF and subscribed IETF members to it.  The members
> have NO passwords and can't get them without interacting with Dean making
> this harassment.
>
> As to whether the IETF postings are commercial or not they clearly are
> since they are work on standards for commercial networking.
>
> Todd
> >
> > Dean subscribed me too, but I had forgotten about it until just now.
> >
> > Arnt
> > ___
> > Ietf mailing list
> > Ietf@ietf.org
> > https://www.ietf.org/mailman/listinfo/ietf
> >
>
>
>
>


-- 
Joe Baptista

www.publicroot.org
PublicRoot Consortium

The future of the Internet is Open, Transparent, Inclusive, Representative &
Accountable to the Internet community @large.

 Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084

Personal: http://baptista.cynikal.net/


Re: Formal SPAM Complaint filed against Anderson...

2010-05-03 Thread Joe Baptista
I think Dean does a good job of keeping the IETF honest.

cheers
joe baptista

On Mon, May 3, 2010 at 11:28 AM, todd glassey wrote:

> Folks - I have had it with Dean and his actions in spamming me after
> being thrown off of IETF lists.
>
> Mr. Anderson has created a set of IETF mirror lists which he calls
> "IETF-Honest" and which he subscribes IETF members to against their will
> after being told numerous times to cease and desist.
>
> Obviously the only recourse is a formal spam complaint with the FTC so
> the first complaint's filing number is 26303937.
>
> I would encourage all of you - and I mean all of you who are as annoyed
> with this spamming as I am to visit the FTC website and file your own
> complaint as if there are 10 or 20 of them independently filed, the FTC
> will in fact take action on this abuse.
>
> http://www.ftc.gov/spam
>
> Have a nice day.
>
> Todd Glassey
>
>
>




Re: Make the Internet uncensorable to intermediate nodes

2010-03-19 Thread Joe Baptista
On Fri, Mar 19, 2010 at 11:37 AM, Stephane Bortzmeyer wrote:

> Such a censorship system would be quite stupid. We would not even need
> complicated protocols to workaround it, just using synonyms or
> euphemisms would suffice.
>



what an embarrassment you are. no people skills. no grace nor tact - which
we would expect from a French man.

try to be more helpful when people ask questions. don't use harsh words like
"stupid" or else you'll scare people away. that's not what we want at the
IETF. n'est-ce pas?

regards
joe baptista


Re: DNSCurve vs. DNSSEC - FIGHT! (was OpenDNS today announced it has adopted DNSCurve to secure DNS)

2010-03-01 Thread Joe Baptista
I just want to remind everyone that a DNScurve draft is on the table.

http://tools.ietf.org/html/draft-dempsky-dnscurve-01

There is an urgent need to solve the DNS security issues within a reasonable
period of time.

Please remember the Kaminsky dns bug did not identify a security problem
with the DNS but the UDP transport. DNScurve fixes the problem today without
having to spend 15 more years getting it right.

And it does not cost a fortune to implement. DNSSEC is more of a make work
project than it is a solution. And DNSSEC does not solve the UDP issue. And
that is the problem DNScurve fixes NOW.

If there is any common sense left at the IETF. And I think there are sparks
here and there. Then I strongly recommend IETF members get DNScurve
established as RFC. We need leadership - not more DNSSEC blah blah blah.

Together let's exercise some common sense and support
draft-dempsky-dnscurve-01.

regards
joe baptista

On Thu, Feb 25, 2010 at 3:01 PM, Phillip Hallam-Baker wrote:

> Who are these 'security researchers' of whom you speak? I am a
> principal in the security field, if you want to contradict me then you
> should either say that something is your personal opinion or you
> should specify the other parties you are referring to.
>
> The reason that I want to see what the key registration process is
> going to look like is precisely because the validation process
> matters. It is the reason that I sent out the invitations to the
> original meeting that started the process that created EV
> certificates.
>
> Moving to DNSSEC, regardless of the technical model does not eliminate
> the need for certificates or CAs. The purpose of EV certificates is to
> re-establish the principle of accountability.
>
> You can design a PKI to meet many different needs. Identity is one
> purpose, but not a very useful one. Which is the real reason that
> identity systems are so hard to deploy. If you want security from a
> PKI you will do better with a validation system that provides
> accountability.
>
> I use words very carefully. I know that you can use SSH keys protected
> by DNSSEC. But at the moment there is not a complete proposal for a
> Secure DNS system. Key parts of that system are being left to chance
> and that is why the prospects for an alternative system are much
> better than you imagine.
>
>
> On Thu, Feb 25, 2010 at 11:55 AM, Paul Wouters  wrote:
> > On Thu, 25 Feb 2010, Phillip Hallam-Baker wrote:
> >
> >> But SSH would be much better if we could integrate the key
> >> distribution into a secured DNS.
> >
> > See previous post. Already done and running.
> >
> >> And self-signed SSL certs would be
> >> better if we could use hash values distributed through a secured DNS
> >> to verify them.
> >
> > Yes. The CERT/CERTQ record is still a bit of a problem and needs some
> > work.
> >
> >> If DNSSEC succeeds, the domain validated certificate business will
> >> have to either transform or eventually die. I think that for most CAs,
> >> the business opportunities from SSL+DNSSEC are greater than the
> >> opportunities from the current DV SSL business. DNSSEC cannot deploy
> >> unless the registrars have cryptography experience, the CAs have that
> >> experience.
> >
> > If you ask security researchers, it has been proven that CA's sacrificed
> > security for profitability. The CA model has failed to work. 2 second
> > validation based on email, md5 based * root certificates signed, etc etc.
> > The last two years saw a significant amount of attacks against CA's, and
> > CA's have seen their profit margin fall to near zero, so even if they
> > wanted to, they cannot increase security (you ask me a confirmation for
> > my cert, I'll go to this other ssl provider that doesn't).
> >
> > CERT's in DNS(SEC) put the responsibility of the cert within the domain of
> > the customer. If they care, they can do their security. The time of
> > outsourcing security to CA's is over.
> >
> > Paul
> >
>
>
>
> --
> --
> New Website: http://hallambaker.com/
> View Quantum of Stupid podcasts, Tuesday and Thursday each week,
> http://quantumofstupid.com/


Re: OpenDNS today announced it has adopted DNSCurve to secure DNS

2010-02-24 Thread Joe Baptista
On Wed, Feb 24, 2010 at 1:27 PM, Paul Hoffman  wrote:

>
> DNSCurve also assumes that authoritative name servers are willing to do
> orders of magnitude more calculations per second, all the time, than DNSSEC
> requires of them. That is, cryptographic calculations are needed for every
> response. Placing that burden on the DNS may or may not be acceptable to
> current operators. It may or may not also lead to less stability.
>


That made me laugh. I would rather burden a server with added clicks than
the added burden DNSSEC will cause the world - not only in bandwidth - which
will explode under DNSSEC but also the economic costs to business and
individuals of migrating hundreds of millions of domains in the DNSSEC make
work project. Let's not forget DNSSEC re-engineers the Internet to a
centralized control model that defeats the end to end basics.

regards
joe baptista


Re: OpenDNS today announced it has adopted DNSCurve to secure DNS

2010-02-24 Thread Joe Baptista
On Wed, Feb 24, 2010 at 9:40 AM, Wes Hardaker  wrote:


> Anyone who's posting a link to a twitter message to an email message and
> seriously couldn't cut-n-paste a 140 character message into the email
> body is certainly doing so to attract followers as there is certainly no
> other motivation to make things more difficult for the reader.
>
>
That's a good assumption. But like most assumptions it is easily invalidated.
Remember a twitter message contains links not supported in email i.e. the
hash #.

regards
joe baptista


p.s. of course if you want to follow you're welcome but following is not
compulsory.


OpenDNS today announced it has adopted DNSCurve to secure DNS

2010-02-23 Thread Joe Baptista
FYI

http://twitter.com/joebaptista/status/9555178362

regards
joe baptista


Re: IAB statement on the RPKI.

2010-02-18 Thread Joe Baptista
"useful security is binary". that's great stuff. says nothing - means even
less. there's another great term I've seen the Isociety cabal use whenever
they're stuck - "it does not scale".

There are better solutions to the DNS security escapades that are simple and
involve no economic cost to the users at large. DNSSEC is not the answer.
DNSSEC is the nightmare. The solution lies with DNScurve -
http://bit.ly/cjmH2n

The Internet already is a security nightmare - why contribute to it with
DNSSEC. Fix the UDP problem once and for all with DNSCurve. Or something
like it.

DNSSEC is old technology 1024 is a juvenile encryption standard. DNSSEC does
not solve the UDP problem. DNSCurve will.

And I remind IETF members that Dr. Bernstein was the first to address the
UDP port problem. DNScurve will take the DNS to the next step. Ensure the
machine you contacted is the machine you want to speak to.

At least members do something. Because the DNSSEC joke must end. We need
solutions to address the problem that don't end up being a make work
project.

cheers
joe baptista


On Thu, Feb 18, 2010 at 3:08 PM, Masataka Ohta <
mo...@necom830.hpcl.titech.ac.jp> wrote:

> David Conrad wrote:
>
> > I'm not sure why you are pretending that useful security is binary.
>
> I'm afraid you are saying "DNSSEC or die", while I'm saying
> "reasonable security is good enough". Which, do you think,
> is binary?
>
>


Re: [DNSOP] Fwd: Re: Roll Over and Die ?

2010-02-18 Thread Joe Baptista
not bad for two cents. worth a lot more in advice.

Here's my two cents. DNSSEC is broken. DNSSEC will cause economic harm as it
adds to business costs. There's one liability. And DNSSEC is not needed. We
have options. DNSCurve works http://bit.ly/cjmH2n - let's try something that
works?

That would certainly be an innovative move forward for the ietf.

cheers
joe baptista

On Thu, Feb 18, 2010 at 10:54 AM, Todd Glassey wrote:

>  The real answer Tony is coming out of left field and it is the legal
> claims being asserted against people intentionally fielding code they know
> is broken and for which they refused to accept criticisms about that code
> (oddly enough from people like Dean and I and a number of others).
>
> The real fun part is the legal liability this is creating for people who in
> this list claim they have a right to ignore whatever they want, and its
> coming...
>
> So the real issue is whether there is a class action matter coming against
> the ISC and a number of the projects it operates per this new accountability
> push.
>
> This is NOT good for any of these projects so I suggest that the proper
> response is a new level of transparency in who is making what decisions for
> the WG and how they are made regarding design testing and otherwise.
>
> Just my two cents as a civilian.
>
> Todd Glassey
>
>  Original Message
> Subject: Re: [DNSOP] Roll Over and Die ?
> Date: Thu, 18 Feb 2010 13:35:59 +
> From: Tony Finch
> To: George Barwood
> CC: dn...@ietf.org
>
> On Thu, 18 Feb 2010, George Barwood wrote:
>
> > Any reaction to this CircleID article ?
> >
> > http://www.circleid.com/posts/dns_resolvers_and_dnssec_roll_over_and_die/
> https://www.isc.org/announcement/response-to-concerns10Feb
> http://unbound.net/pipermail/unbound-users/2010-February/001031.html
>
>
>


The DNSSEC nightmare continues Re: Securing DNS Re: IAB statement on the RPKI.

2010-02-17 Thread Joe Baptista
so much simpler to solve DNS vulnerabilities with dnsCurve
http://bit.ly/cjmH2n

:)

2010/2/17 Phillip Hallam-Baker 

> One mechanism that was unfortunately pushed aside as a result of the
> fixation on end to end DNSSEC would be for the resolver to use
> DNSSEC (and other methods) to authenticate the data it receives and to
> use some modification of TSIG to authenticate the communication
> between client and resolver.
>
> This model does not make much sense if you stick to the model where
> hosts pick up their DNS service from the local host. But it makes a
> great deal of sense when you are using a service like Google's DNS. It
> would not take a great deal of effort to graft a Kerberos like scheme
> on to effect key exchange.
>
>
> The real problem with DNSSEC is that it has taken so long that the
> Internet has changed since. And rather than go back and redesign we
> are always told that so much time and effort has been spent already
> that we cannot possibly take any time to look at the issues that might
> prevent deployment or use. And so instead of the opt-in fix taking six
> months as it should have done it took six years and instead of the
> zone walking/privacy issue taking six months it took four years.
>
> I am thinking of retitling my RSA talk '2010 The Year of DNSSEC'.
>
>
> I am not trying to beat up people and say do it the way we did it.
> What I am trying to say here is DON'T REPEAT OUR MISTAKES. Look at the
> solution that we were forced to adopt when the single rooted hierarchy
> proved undeployable.
>
>
> On Wed, Feb 17, 2010 at 10:01 AM, Basil Dolmatov  wrote:
> > Masataka Ohta wrote:
> >>
> >> But, the most serious defect of DNSSEC, or PKI in general, is that,
> >> despite a lot of hypes, it is not cryptographically secure.
> >> Social attacks on trusted third parties makes the parties
> >> untrustworthy, which means PKI is merely socially or weakly
> >> secure.
> >>
> >>
> >
> > There are a lot of deficiencies in PKI, but at present time I can see no
> > alternative for establishing trust in loosely connected and large systems.
> > If there is one, please advise.
> >>
> >> For security of interdomain routing, social security of trust
> >> relationship between ISPs is just enough to which additional
> >> social security by PKI is not helpful.
> >>
> >
> > There are no trust relationships between my ISP and your ISP.
> > How my ISP can trust routing announce, which I have got over the network and
> > which has your ISP mentioned as the origin?
> >
> >> For security of DNS, social security of trust relationship between
> >> ISPs and between zones are just enough to which additional social
> >> security by PKI is not helpful.
> >>
> >>
> >
> > Same question applies to DNS. My resolver have no trust relationships with
> > your server.
> > How I can trust DNS-answer which I have got over the network?
> >
> > Unfortunately, Internet 20 years ago and Internet today are two
> > significantly different networks.
> >
> > 20 years ago I trusted to nearly all network participants and undoubtedly
> > trusted to all network administrators.
> >
> > Now, the necessity to build the chains of trust is obvious, otherwise you
> > will lose a lot. The methods, which are being implemented are definitely not
> > ideal (I knew a lot of flaws and weaknesses in systems, which are using
> > PKI), but at the same time I do not know anything better.
> >
> >
> > dol@
> >
> >
> >
> >>Masataka Ohta
> >>
> >>
> >>
> >
> >
>
>
>
> --
> --
> New Website: http://hallambaker.com/
> View Quantum of Stupid podcasts, Tuesday and Thursday each week,
> http://quantumofstupid.com/


Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end

2009-06-05 Thread Joe Baptista
On Fri, Jun 5, 2009 at 8:32 AM, Masataka Ohta <
mo...@necom830.hpcl.titech.ac.jp> wrote:

> So, let's throw away DNSSEC and the broken-from-the-beginning
> idea of bailiwick. Let's move on to lock the doors and windows.
>

Words of wisdom.  I however propose we do not throw it away.  I propose it
be allowed to wither on the vine until DNSSEC life signs show it as being
dead.  Then the IETF can then do its job and give it the proper burial it
deserves.

I propose all developers simply secure the DNS.  A transparent solution that
is available NOW - is DNSCurve.  Will ensure the end to end transport of DNS
UDP packets is secure.  And that basically fixes once and for all the
insecurity we have in the UDP transport.

DNSCurve encrypts all DNS packets.  DNSSEC does not.

DNSCurve cryptographically authenticates all DNS responses, eliminating
forged DNS packets.  DNSSEC does not.

DNSCurve very quickly recognizes and discards forged packets, so attackers
have much more trouble preventing DNS data from getting through. DNSSEC does
not.

so I ask you - who wins the cookie in this race?

regards
joe baptista

-- 
Joe Baptista

www.publicroot.org
PublicRoot Consortium

The future of the Internet is Open, Transparent, Inclusive, Representative &
Accountable to the Internet community @large.

 Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084

Personal: www.joebaptista.wordpress.com


Re: DNSSEC is NOT secure end to end

2009-06-01 Thread Joe Baptista
On Mon, Jun 1, 2009 at 12:30 AM, Mark Andrews  wrote:

>
>If you believe that I have a bridge to sell you.


Keep the bridge - it's all yours.  Remember - in order to sell the bridge
you first have to own it.  You're convinced you have something to sell.  I am
not.


> > Totally different from DNSSEC.
>


>
>You can disagree all you want but it doesn't change the
>fact that DNSSEC and DNSCurve both have chains of trusts.
>The proponents of DNSCurve even say this.
>
>Note the chain of trust as described on
>http://www.dnscurve.org/tld.html/.


The correct URL is http://www.dnscurve.org/tld.html not
http://www.dnscurve.org/tld.html/

And yet again - it has nothing to do with chains of trust.  It does learn
how to trust and whom to trust.  That's part of the job.  What DNSCurve does
do is it "adds link-level public-key protection to DNS packets" therefore
guaranteeing the integrity of the packets end to end.

Totally different from DNSSEC which indeed uses chains of trust - i.e. root
to tld to sld etc.etc.

I am totally amazed at the propaganda that comes out of ISC these days.
When you guys start comparing DNSSEC to DNSCurve - well - all I can say is
this - I have this really nice bridge on the Hudson I'd like to sell you
that will complement the bridge you already have.

cheers
joe baptista



Re: DNSSEC is NOT secure end to end

2009-05-31 Thread Joe Baptista
I disagree.  DNSCurve has nothing to do with trust.  It simply ensures the
system you are connected to is in fact the system that gives you the
answer.  DNSCurve addresses the UDP issues without the need for a root or
any other third party enjoying any degree of trust.

Totally different from DNSSEC.

regards
joe baptista

On Sun, May 31, 2009 at 9:38 PM, Mark Andrews  wrote:

>
> In message <874c02a20905311802r2b9b4544j374bb374eb7a7...@mail.gmail.com>,
> Joe Baptista writes:
> > DNSSEC indeed violates the end to end principle.  It's simply that simple.
> > And it asks us to put our trust in the root a.k.a. ICANN.  I don't think
> > governments world wide are going to put their trust and faith in ICANN.  The
> > U.S. Government is the only government that has been bamboozled into
> > adopting DNSSEC into .gov infrastructure.
> >
> > I wonder how President Obama would feel about handing over the keys to U.S.
> > Government infrastructure to a U.S. contractor.  I'd have trouble sleeping
> > at night if that was the case.
> >
> > I've addressed this at length in my comments to the NTIA.
> >
> > http://www.ntia.doc.gov/DNS/comments/comment034.pdf
> >
> > If the U.S. government wants DNSSEC today then it must nationalize the
> > roots.  I don't even trust Vixie with the root.  I remember when he hijacked
> > the root with Postel.  Or as they put it "we were only running an
> > experiment".
> >
> > In any case the new infrastructure campaign demands U.S. government roots be
> > set up to exclusively serve U.S. network infrastructure.
> >
> > regards
> > joe baptista
> >
> > p.s. If you want to secure the DNS end to end - think DNSCurve - not DNSSEC.
> >
> > http://dnscurve.org/
>
> DNSCurve has exactly the same trust issues as DNSSEC does.
>You are trusting the parent to give you a secure introduction
>to the child.  The introduction is just encoded differently.
>
>Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>





DNSSEC is NOT secure end to end

2009-05-31 Thread Joe Baptista
DNSSEC indeed violates the end to end principle.  It's simply that simple.
And it asks us to put our trust in the root a.k.a. ICANN.  I don't think
governments world wide are going to put their trust and faith in ICANN.  The
U.S. Government is the only government that has been bamboozled into
adopting DNSSEC into .gov infrastructure.

I wonder how President Obama would feel about handing over the keys to U.S.
Government infrastructure to a U.S. contractor.  I'd have trouble sleeping
at night if that was the case.

I've addressed this at length in my comments to the NTIA.

http://www.ntia.doc.gov/DNS/comments/comment034.pdf

If the U.S. government wants DNSSEC today then it must nationalize the
roots.  I don't even trust Vixie with the root.  I remember when he hijacked
the root with Postel.  Or as they put it "we were only running an
experiment".

In any case the new infrastructure campaign demands U.S. government roots be
set up to exclusively serve U.S. network infrastructure.

regards
joe baptista

p.s. If you want to secure the DNS end to end - think DNSCurve - not DNSSEC.

http://dnscurve.org/


On Sat, May 30, 2009 at 7:27 PM, Masataka Ohta <
mo...@necom830.hpcl.titech.ac.jp> wrote:

> Francis Dupont wrote:
>
> > => not only this is very arguable (for instance about the resource
> > exhaustion) but no hop-by-hop/channel security, even something as
> > strong as TSIG, can provide what we need, i.e., end-to-end/object
> > security (*).
>
> Unless your meaning of end-to-end differs from that of David Clark,
> the following argument of his paper is applicable to DNSSEC.
>
>http://portal.acm.org/citation.cfm?doid=383034.383037
>Rethinking the design of the Internet:
>The end to end arguments vs. the brave new world
>
>The certificate is an assertion by that (presumably
>trustworthy) third party that the indicated public key
>actually goes with the particular user.
>
>These certificates are principal components of essentially
>all public key schemes,
>
> That is, security of DNSSEC involves third parties and is not end
> to end.
>
> > PS (*): I use the common meaning of end-to-end, not Masataka Ohta's one.
>
> I'm afraid you don't know who David Clark is and how he is related
> to the end to end argument.
>
> However, all the people who are qualified to discuss end to end do
> know him and his argument.
>
>        Masataka Ohta
>
>





Does being an RFC mean anything?

2009-03-11 Thread Joe Baptista
On Wed, Mar 11, 2009 at 7:54 PM, TSG  wrote:

> Lawrence Rosen wrote:
>
> Because Larry - many of those here owe their ongoing $$$ livelihood to the
> lie the IETF has become. And so what you are suggesting is increasing the
> rolls of the unemployed by adding these individuals whose whole existence is
> the IETF. It's also these people in my opinion that make the IETF the
> laughingstock it's become as you so rightly notice that RFCs and the process
> for creating standards has degraded into a model where there really is no
> standard.


I agree.  I also remember over the years that many voices warned this was
coming.  I heard them.  Did anyone else?

cheers
joe baptista



>
>
> Just my two cents
>
> Todd Glassey
>
>>
>> The recent threads about draft-housley-tls-authz have taught me something
>> I didn't know about IETF, and I don't like what I've learned.
>>
>> There are, it appears, many types of IETF RFCs, some which are intended to
>> be called "Internet standards" and others which bear other embedded labels
>> and descriptions in their boilerplate text that are merely "experimental" or
>> "informational" or perhaps simply "proposed standard". One contributor here
>> described the RFC series as "a repository of technical information [that]
>> will be around when I am no longer around."
>>
>> The world is now full of standards organizations that treat their works as
>> more significant than merely "technical information." Why do we need IETF
>> for that purpose? If all we need is a repository of technical information,
>> let's just ask Google and Yahoo to build it for us. Maybe our Internet
>> standards should instead be created in an organized body that pays serious
>> attention to the ability of the wide world to implement those standards
>> without patent encumbrances.
>>
>> But even if IETF isn't willing to amend its patent policy that far—and
>> most SDOs still aren't, unfortunately—at the very least we should take our
>> work seriously. When someone proposes a serious RFC, we should demand that
>> the water around that RFC be swept for mines—especially **disclosed** patent
>> mines that any serious sailor would want to understand first.
>>
>> If IETF isn't willing to be that serious, maybe we should recommend that
>> our work go to standards organizations that do care? As far as my time to
>> volunteer for a better Internet, there are far better ways to do it than
>> listening here to proposals that are merely "technical information." At the
>> very least, separate that into a different list than IETF.org so I know what
>> to ignore!
>>
>> By the way, many of the same companies and individuals who are involved
>> here in IETF are also active participants in W3C, OASIS, and the new Open
>> Web Foundation, all of which organizations pay more attention to patents and
>> the concept of "open standards" than what IETF seems to be doing here. So
>> let's not be disingenuous, please. Almost everyone here has previous
>> experience doing this the right way.
>>
>> /Larry
>>
>> Lawrence Rosen
>>
>> Rosenlaw & Einschlag, a technology law firm (www.rosenlaw.com <http://www.rosenlaw.com>)
>>
>> 3001 King Ranch Road, Ukiah, CA 95482
>>
>> 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243
>>
>> Skype: LawrenceRosen
>>
>> 
>>
>




Re: TLS-auth

2009-02-09 Thread Joe Baptista
I'm adding my name to this chorus.   Do not approve TLS. Just say no.

regards
joe baptista

On Mon, Feb 9, 2009 at 4:37 AM, Phil Driscoll wrote:

> I am managing director of a software company working almost exclusively in the
> development and deployment of internet technologies on free software.
> I would urge you not to approve the Transport Layer Security (TLS)
> Authorization Extensions as a standard until RedPhone provide a perpetual
> royalty free licence for all users to implement their patented matter.
>
> Regards
> --
> Phil Driscoll
> Managing Director
> Dial Solutions Ltd
>





Re: The Great Naming Debate (was Re: The internet architecture)

2008-12-15 Thread Joe Baptista
This is a very anal retentive discussion you're all having here.  I support
Ford here.  Applications should be able to use names and IP addresses.   We
don't need the IP or DNS gestapo taking over application programs.

regards
joe baptista

On Sun, Dec 14, 2008 at 2:51 PM, Bryan Ford  wrote:

> So, after being distracted by OSDI last week, I'm now trying to catch up on
> the raging debates on TAE that are already exceeding all the wildest dreams
> I had before setting up the list... :)
>
> On the issue of weaning applications (and potentially transports) away from
> IP addresses in favor of names of some kind, I feel that a lot of the
> disagreement results from a misunderstanding of exactly what I (and perhaps
> others who have made similar proposals) was proposing...
>
> On Dec 4, 2008, at 10:29 PM, Keith Moore wrote:
>
>> Hallam-Baker, Phillip wrote:
>>
>>> I am trying to parse this claim.
>>>
>>> Are you saying that the DNS is fragile and raw IP relatively robust?
>>>
>>
>> DNS is layered on top of IP.  So for a large class of IP failures, DNS
>> won't work either.  And if IP routing fails, DNS is likely to be
>> irrelevant because the application using DNS won't work anyway.
>>
>> And in practice, DNS is quite likely to fail due to configuration
>> errors, inadequate provisioning, outdated cache entries due to
>> unanticipated changes, brain-damaged DNS caches built into NATs, failure
>> of registries to transfer a DNS name in a timely fashion, etc.
>>
>> So it's not a question of whether DNS is less reliable than IP (it is),
>> or even whether the reliability of DNS + IP is less than that of IP
>> alone (it is).  It's a question of whether increasing reliance on DNS by
>> trying to get apps and other things to use DNS names exclusively, makes
>> those apps and other things less reliable.  And I'd argue that it does,
>> except perhaps in a world where renumbering happened frequently, at
>> irregular intervals, and without notice.  And I don't think that's a
>> realistic scenario.
>>
>
> I entirely agree in principle with your concerns about reliability: if
> everything has to work correctly in two layers (DNS and IP), then that's
> strictly less likely to happen than hoping everything will work correctly in
> only one layer (just IP) - unless DNS can somehow make up for unreliability
> in the IP layer, which it occasionally might be able to do with some effort
> (e.g., via DNS-based load balancers that take end-to-end IP reachability
> information as input), but it usually doesn't because that's not the purpose
> of DNS.  And I agree that some applications (and some users) sometimes need
> to deal with IP addresses directly, and probably still will need to for a
> long time, maybe forever.  You seem to be assuming that my proposal was to
> disallow such "visibility into the network" entirely, but that wasn't my
> intent at all.  I just would like it to become no longer _mandatory_ for
> every application to know about the structure of IP addresses in order to
> accomplish anything.
>
> To be specific, there are (at least) three positions we might be in:
>
> 1. ALL applications MUST know about IP addresses, in each IP address format
> that exists, in order to operate at all.  This is the current state of the
> world for applications that use the sockets API, because apps have to call
> gethostbyname etc. and copy the resulting IP address(es) into sockaddr_in or
> sockaddr_in6 structs to pass to connect() et al.  Even though the sockets
> API is "generic" in that it supports multiple address families, its design
> forces the application to have code specific to each family in order to
> support that family at all, which is the key problem.
>
> 2. ALL applications MUST use only DNS names for all operations, and never
> provide or see IP addresses for any reason.  This seems to be what you're
> assuming I'm suggesting (i.e., where you say "...by trying to get apps and
> other things to use DNS names >>exclusively<<").  That's a world we might
> hold up as an ideal to strive for eventually, but it's indeed not realistic
> in the short term, and it's not what I'm pushing for.  Besides, there may be
> many different naming or host identity schemes we might eventually want to
> support besides DNS names - e.g., UIA personal names, HIP cryptographic host
> identities, ...
>
> 3. Applications MAY be aware of IP addresses if they need to be for
> whatever reason, but aren't ALWAYS forced to have hard-coded dependencies on
> the existence and structure of IP address
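
Position 3 from the quoted message, sketched as an added example (not code from the thread or its participants): with `getaddrinfo()` and `getnameinfo()` the application hands names or literals to the resolver and passes the results on as opaque `sockaddr` pointers, so no `sockaddr_in` or `sockaddr_in6` appears in application code. The function names `resolve`, `connect_by_name` and `describe_endpoint` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve a host name (or address literal) and service without naming an
 * address family. Returns a list to be freed with freeaddrinfo(), or NULL. */
static struct addrinfo *resolve(const char *host, const char *service)
{
    struct addrinfo hints, *res = NULL;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;      /* IPv4, IPv6, or whatever resolves */
    hints.ai_socktype = SOCK_STREAM;
    return getaddrinfo(host, service, &hints, &res) == 0 ? res : NULL;
}

/* Try every address the name resolves to until one connects.
 * Returns a connected socket or -1; *family_out (optional) reports which
 * family was used, for callers that do want that visibility. */
int connect_by_name(const char *host, const char *service, int *family_out)
{
    struct addrinfo *res = resolve(host, service), *ai;
    int fd = -1;

    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0)
            continue;
        if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0) {
            if (family_out != NULL)
                *family_out = ai->ai_family;
            break;
        }
        close(fd);
        fd = -1;
    }
    if (res != NULL)
        freeaddrinfo(res);
    return fd;
}

/* Render the first resolved endpoint as "address port N" using only
 * getnameinfo(); the same code path handles every family.
 * Returns the address family, or -1 on failure. */
int describe_endpoint(const char *host, const char *service,
                      char *out, size_t out_len)
{
    struct addrinfo *res = resolve(host, service);
    char h[256], s[32];
    int family = -1;

    if (res == NULL)
        return -1;
    if (getnameinfo(res->ai_addr, res->ai_addrlen, h, sizeof h, s, sizeof s,
                    NI_NUMERICHOST | NI_NUMERICSERV) == 0) {
        snprintf(out, out_len, "%s port %s", h, s);
        family = res->ai_family;
    }
    freeaddrinfo(res);
    return family;
}

int main(int argc, char **argv)
{
    char text[320];
    int fd;

    if (argc != 3) {
        fprintf(stderr, "usage: %s host service\n", argv[0]);
        return 2;
    }
    if (describe_endpoint(argv[1], argv[2], text, sizeof text) < 0) {
        fprintf(stderr, "cannot resolve %s\n", argv[1]);
        return 1;
    }
    printf("first candidate: %s\n", text);
    fd = connect_by_name(argv[1], argv[2], NULL);
    printf("connect: %s\n", fd >= 0 ? "ok" : "failed");
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? 0 : 1;
}
```
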

ietf@ietf.org

2008-11-02 Thread Joe Baptista
This all smells bad.

regards
joe baptista

On Sun, Nov 2, 2008 at 8:48 AM, linuxa linux <[EMAIL PROTECTED]> wrote:

> Doug, Thanks for your response that shows your knowledge and expertise
> about internet / computer things, common sense, organisational topics and
> also the replacing k/K to unicode 0915 glyph shape issue.
>
> "You might as well send your message to your MP or to the Queen,
> for all the good it will do to send it to IETF."
>
> Airing the issue to the internet / computer community.
>
>
> "I don't speak for their mailing-list administrator."
>
> The Unicode.org website home page copy that I quoted is not factual.
>
>
> "Accusing an organization of process failure and insensitivity and
> stubbornness is not usually a productive way to get them to come around to
> your point of view."
>
> The Unicode.org website page copy that I quoted is not factual.
>
>
> "You have stipulated that this constitutes"
>
> The Unicode.org website page copy that I quoted is not factual.  There
> should be some limitations.  They don't have a demo that proves the first
> quote and the Unicode.org is not a framework.
>
>
> "...You are accusing Unicode of things it is not responsible for.  This
> is like blaming the weatherman when it rains."
>
> The Unicode.org website page copy that I quoted is not factual.  There
> should be some limitations.  They should clarify what they are not
> responsible for.  Their home page copy that I quoted is a trap for
> Unicode.org and readers.
>
>
> "You are trying to change the basic form of a letter that has existed in
> the Latin alphabet for over two thousand years, on the basis of an
> association between the K glyph and the intersection of three rivers,
> derived loosely from a secondary Krishna text.  ["that the letter K
> represents suicide and needs to be changed"] You are trying to change the
> basic form of a letter recognized by billions of people, and one of your
> first moves is to approach an international standards-making organization,
> which does NOT standardize the Latin alphabet itself and is NOT in the
> business of deciding what letters are supposed to look like, and accuse them
> of improper conduct because they do not immediately modify their charts and
> develop new fonts based on your views, which so far I have only heard from
> ONE person.  To say you are outside the mainstream would be a serious
> understatement."
>
> The latin / roman k/K letter needs to be replaced to another shape for
> reasons you know.  You have to understand that issue is beyond
> organisational management because it is related to human life.  Approaching
> Unicode.org and IETF.org was essential because they claim to have various
> controls over internet / computer transmitted language.  Some helpful
> interim things should be put in place, leadership and management is much
> needed.  Unicode.org website home page communicates the wrong impression and
> they should correct that.
>
>
> "Style of what? Content of what?  The standard is described in
> excruciating detail at http://www.unicode.org/versions/Unicode5.1.0/ ..
> Unicode doesn't tell people how to design user interfaces.  That is
> completely up to application developers, as it should be. See
> http://www.unicode.org/consortium/join.html . Unicode doesn't tell
> people how to build applications, whether open-source or proprietary.  Do
> you feel it should?"
>
> Thus Unicode.org has not any framework.  Certain programmers thus become
> baffled.  The Unicode.org home page copy that I quoted is not factual.
>  There should be some limitations.
>
>
> "It does not say that it will take you by the hand and show you how to
> program, configure, or use a computer in any language."
>
> Unicode.org are unjustly saying things on the website home page copy that I
> quoted, they are not communicating there what they are not responsible for.
>  They are leaving this to other imaginations and trapping themselves and
> others.
>
>
> "Unicode makes it possible to put tens of thousands of different characters
> on a .a plain-text document"
>
> I refer to .txt files, are you also suggesting that you can put save a .txt
> file on the computer that has unicode 0915 glyph shape?
>
>
> "What sort of "framework" are you looking for to accomplish your goals? Be
> specific, please, for once."
>
> I was being specific that there is not any framework about Style, Content,
> User Interface, Membership and Extensions, these generic areas that can help
> Software Internatio

Re: Last Call: draft-manner-router-alert-iana (IANA Considerations for the IPv4 and IPv6 Router Alert Option) to Proposed Standard

2008-07-10 Thread Joe Baptista
On Thu, Jul 10, 2008 at 12:08 PM, Robert Elz <[EMAIL PROTECTED]> wrote:

> This is the kind of thing we might have expected to see in a security
> considerations section 15-20 years ago, when the network was a nice kind
> friendly environment, where all the players would take great care not
> to do anything that might cause a problem.


Those days are long gone.  Unfortunately we're stuck with that
infrastructure.  It's good infrastructure - but not well policed - and
insecure as hell because too many people built a system that assumed trust
was the default value.


> These days, if "the use of unsupported experimental code points" has the
> "potential to disrupt the stable operation of the network" then that would
> be something worthy of a CERT advisory and hasty code fixes by whatever
> vendors are supplying the systems that would be disrupted.


Ya - I hear you - but this way it's a good way to sell DNSSEC and put
Verisign in charge of the DNS keys.  No thank you.  But it's worth watching
what happens.

> (but of course, there's a "rule"
> that says it must always be present, even when it is stupid, and obeying
> the rules is, of course, far more important than producing quality
> documents...)


Yes - we are only human.  Rules are good.  That does not mean rules can not
be questioned.  And changes made by consensus.

cheers
joe baptista



Re: Update of RFC 2606 based on the recent ICANN changes ?

2008-06-27 Thread Joe Baptista
> Do you mean as in RFC 3675?

I sometimes wonder how this RFC ever got off the ground.  It's a bit of a
joke.

regards
joe baptista



Re: Change the subject! RE: [IAOC] Re: IPv4 Outage Planned for IETF71 Plenary

2007-12-31 Thread Joe Baptista

Theodore Tso wrote:

> I think the real issue here is the difference between what was
> originally stated (I think first by Marshall Rose in the Open Book) as
> the difference between the ISO, promulgating OSI, and the IETF,
> promulgating TCP/IP --- which was that ISO was populated primarily by
> professional standard organization "goers", whereas the IETF was
> populated primarily by engineers, or "doers".

Well said.  Sounds like somewhere in all this the doers and goers forgot
to communicate.  The very thing they were all intent on promoting
through all this doing and going was communications ... and somehow the
very thing all these doers and goers were trying to promote,
communications, was the very thing being buried by all this doing and going.



regards
joe baptista




Re: Forbidden RFC (Was: Should the RFC Editor publish an RFC in less than 2 months?

2007-12-14 Thread Joe Baptista

Stephane Bortzmeyer wrote:

> On Thu, Dec 13, 2007 at 07:17:15PM -0500,
> Russ Housley <[EMAIL PROTECTED]> wrote
> a message of 31 lines which said:
>
>> Another possible remedy might be to withdraw the RFC.  This remedy
>> is not as attractive because there is no procedure to do it.
>
> Is it to test the future procedure that RFC 4390 is no longer
> downloadable? :-)
>
> http://www.ietf.org/rfc/rfc4390.txt
>
> Forbidden

Stephane - you get the same thing when you go to

http://www.ietf.org/rfc.html

or any RFC for that matter.  I think there is a configuration problem
with the server.

cheers
joe baptista

> You don't have permission to access /rfc/rfc4390.txt on this server.
>
> Additionally, a 403 Forbidden error was encountered while trying to use an
> ErrorDocument to handle the request.
> Apache/2.0.52 (Red Hat) Server at www.ietf.org Port 80




Re: Hello IETF!

2007-09-15 Thread Joe Baptista

[EMAIL PROTECTED] wrote:

> HI!
>
> I'm 81duz1d0, programmer.
>
> Today I’ve joined to IETF Mail List, I hope that my texts be useful to
> this community.

tell us more.

and welcome

regards
joe baptista


Does anybody know where Jim Bell is - is he out of jail?

2007-08-20 Thread Joe Baptista


I'd like to talk to Bell.  Designer of the Assassination Politics 
protocol.  Anyone know if he's out of jail yet?


thanks
joe baptista



Re: [OT] Internet / DNS Timeline (The History of the Internet DNS)

2007-07-19 Thread Joe Baptista

Roy Arends wrote:

> On Jul 19, 2007, at 4:10 PM, Joe Baptista wrote:
>
>> Now this is an interesting little giggle.  I made it into a DNS
>> timeline.  Incredible.
>>
>> http://www.inaic.com/index.php?p=internet-dns-timeline
>>
>> Incidentally and by way of reference, these are the people who once
>> operated the root servers for turkey.  Now it is claimed to be
>> unifiedroot - www.unifiedroot.com
>
> Public-root, Unified-root, Pacific-root, OpenNIC, ATLD, ORSN, ORSC,
> New.Net, Cesidian-Root, ...
>
> This reminds me about a brilliant commentary on sectarianism, present
> in Monty Python's Life of Brian, scene 7:

Roy, If you think those names are interesting then check out the home
page at www.publicroot.org - multinationals have invested in this.  So
have mom and pop operations.  The whole thing however is a bit of a house
of cards.  Much worse than the Monty Python skit.  A lot of lessons in
this one.  Check out www.tlda.org for more.


cheers
joe baptista



[OT] Internet / DNS Timeline (The History of the Internet DNS)

2007-07-19 Thread Joe Baptista
Now this is an interesting little giggle.  I made it into a DNS 
timeline.  Incredible.


http://www.inaic.com/index.php?p=internet-dns-timeline

Incidentally and by way of reference, these are the people who once
operated the root servers for turkey.  Now it is claimed to be
unifiedroot - www.unifiedroot.com


regards
joe baptista




[OT] DNS test of validity of a claim ROOT fracture

2007-07-16 Thread Joe Baptista


I'm looking to see if the European ISP Tiscali and the country of
Turkey (ISPs) are no longer resolving using the IANA root servers.
According to the UnifiedRoot, a private company in the Netherlands, they
provide resolution services to both the country and the ISP.  I need
help to test to see if they still resolve the UnifiedRoot root zone
file.  If you use a Turkish ISP or the European Tiscali ISP you can
help by letting me know if the following URLs resolve.


Can you click on ?

http://meijburg.kpmg/
http://philip-stein.horloges/
http://parking.schiphol/

Also any ideas what groups I can go to to find people located in those
service areas.


much thanks
joe baptista



Re: Domain Centric Administration, RE: draft-ietf-v6ops-natpt-to-historic-00.txt

2007-07-04 Thread Joe Baptista

John C Klensin wrote:

> Maybe we are all deluded and that, as has occasionally been
> claimed by some telco-based bodies, datagram networks are only
> useful for research and the future, as well as the past, of
> "real" networks lies in end-to-end circuits.   But I'm not
> convinced yet.

I don't think the full potential of the datagram network has yet been
realized.  User control anyone?


regards
joe baptista



Re: Domain Centric Administration, RE: draft-ietf-v6ops-natpt-to-historic-00.txt

2007-07-04 Thread Joe Baptista

[EMAIL PROTECTED] wrote:

> Or perhaps, that defining migration scenarios without the full
> involvement of network operations people is an exercise in futility. In
> the business world this kind of work begins by identifying stakeholders,
> getting full involvement from stakeholders, and only then doing design
> and planning.

Things have changed.

regards
joe baptista



Re: do it yourself roots, was Something better than DNS?

2006-11-27 Thread Joe Baptista
Oops - I forgot about that one.  Yes the Chinese Ministry of Information
and Industry have many Chinese top level domains registered.  They are
now the largest alternative root system on the planet next to ICANN and
resolve for some 150 million users.  And I anticipate they will soon
surpass that.


Peter Dambier wrote:



John, there is demand for it.

To find out why, look at these domains:

Status China Root


Status Arab Root


Status I-DNS.NET


Those people don't talk English and they don't use Latin keyboards.
That is why you never heard of them.


Kind regards
Peter and Karin






Re: FYI -- IAB statement on IANA RFI

2006-03-10 Thread Joe Baptista

On Fri, 10 Mar 2006, Brian E Carpenter wrote:

> Thanks Jordi.
>
> Personally, Joe's language doesn't normally annoy me since I
> filter his mail unread, but I agree that what you quote is completely
> inappropriate and in complete conflict with RFC 3005.

ok - will review the rfc and submit my opinion.

cheers
joe

>
> >Inappropriate postings include:
> ...
> > - Unprofessional commentary, regardless of the general subject
>
> Brian
>
> JORDI PALET MARTINEZ wrote:
> > Hi Joe,
> >
> > I feel that your language is becoming too much abusive.
> >
> > You need to think that, even if you believe is the true what you're saying,
> > and you have the right of freedom to express it, there are ways to don't
> > hurt other people sensibility ("ball brokers").
> >
> > Please, read twice before clicking "send" and refrain from further abusive
> > posting. Otherwise you will be forcing us to take a serious decision
> > regarding your future postings.
> >
> > Thanks for your understanding.
> >
> > IETF Sergeant at Arms
> >
> >
> >
> >
> >>De: Joe Baptista <[EMAIL PROTECTED]>
> >>Responder a: <[EMAIL PROTECTED]>
> >>Fecha: Thu, 9 Mar 2006 17:03:21 -0500 (EST)
> >>Para: "JFC (Jefsey) Morfin" <[EMAIL PROTECTED]>
> >>CC: Leslie Daigle <[EMAIL PROTECTED]>, IAB <[EMAIL PROTECTED]>,
> >>"ietf@ietf.org" , Carl Malamud <[EMAIL PROTECTED]>,
> >><[EMAIL PROTECTED]>
> >>Asunto: Re: FYI -- IAB statement on IANA RFI
> >>
> >>
> >>my detailed notes below ...
> >>
> >>On Wed, 8 Mar 2006, JFC (Jefsey) Morfin wrote:
> >>
> >>
> >>>At 18:27 08/03/2006, Carl Malamud wrote:
> >>>
> >>>
> >>>>>It's been pointed out that the note to DoC was actually sent by
> >>>>>the IAB and the IETF *Chair* not the IETF as whole.
> >>>>>
> >>>>>Obviously, the timescale of this RFI was too short for the
> >>>>>IETF as a whole to debate a response. In fact, it was even too short
> >>>>>for us to spot this nit.
> >>>>
> >>>>Or to run a spell checker?  It would have been better to not answer
> >>>>instead of doing such a haphazard job.  This was not an effective
> >>>>document either in terms of process or substance.
> >>>
> >>>Dear Carl,
> >>>the problem is that IETF and IAB do not want to accept the real world.
> >>>http://www.interfax.cn/showfeature.asp?aid=10717
> >>
> >>I strongly support this move by China.  It is about time that IANA
> >>recognize the obvious - open up the root.  This is a good start.  China is
> >>quick to learn the technological trap they have fallen into.  They need
> >>ICANN as much as ICANN needs them.  It also shows a very interesting
> >>similarity to what happened at the Public-Root.  There we had Turkey as our
> >>partner - like the Chinese - not the best of human rights partners but
> >>partners nonetheless brought together through necessity.
> >>
> >>
> >>>And the real  world is catching up. The USG is in a real world.
> >>>Their, our world.
> >>>
> >>>What to do now?
> >>
> >>will they wake up to reality - what we will see is a compromise.  but the
> >>Chinese are ball breakers - and I think it's high time someone break some
> >>balls at ICANN.  Go China go.
> >>
> >>
> >>>- to ignore? possibly losing control on the IANA.
> >>>- to adapt in creating an IETF server? possibly creating a mess for
> >>>nothing if they do not sell? worse if they sell?
> >>>- to lead in reviewing the architecture towards a fully distributed
> >>>network with concerted IANA, one a country? a language?
> >>>
> >>>NOT an easy choice. But a choice which has to be made.
> >>
> >>The PublicRoot structure is the ultimate choice framework which provides
> >>for shared operability.
> >>
> >>regards
> >>joe
> >>


Turkish secret service and a url to follow up Re: Could this be the next China Root

2006-03-09 Thread Joe Baptista

On Thu, 9 Mar 2006, Joe Baptista wrote:

>
> Turkish secret service operative discovered in Public-Root.

http://www.netkwesties.nl/editie140/artikel1.html



Could this be the next China Root

2006-03-09 Thread Joe Baptista

Turkish secret service operative discovered in Public-Root.



Re: FYI -- IAB statement on IANA RFI

2006-03-09 Thread Joe Baptista

my detailed notes below ...

On Wed, 8 Mar 2006, JFC (Jefsey) Morfin wrote:

> At 18:27 08/03/2006, Carl Malamud wrote:
>
> > > It's been pointed out that the note to DoC was actually sent by
> > > the IAB and the IETF *Chair* not the IETF as whole.
> > >
> > > Obviously, the timescale of this RFI was too short for the
> > > IETF as a whole to debate a response. In fact, it was even too short
> > > for us to spot this nit.
> >
> >Or to run a spell checker?  It would have been better to not answer
> >instead of doing such a haphazard job.  This was not an effective
> >document either in terms of process or substance.
>
> Dear Carl,
> the problem is that IETF and IAB do not want to accept the real world.
> http://www.interfax.cn/showfeature.asp?aid=10717

I strongly support this move by China.  It is about time that IANA
recognize the obvious - open up the root.  This is a good start.  China is
quick to learn the technological trap they have fallen into.  They need
ICANN as much as ICANN needs them.  It also shows a very interesting
similarity to what happened at the Public-Root.  There we had Turkey as our
partner - like the Chinese - not the best of human rights partners but
partners nonetheless brought together through necessity.

> And the real  world is catching up. The USG is in a real world.
> Their, our world.
>
> What to do now?

Will they wake up to reality - what we will see is a compromise.  But the
Chinese are ball breakers - and I think it's high time someone break some
balls at ICANN.  Go China go.

> - to ignore? possibly losing control on the IANA.
> - to adapt in creating an IETF server? possibly creating a mess for
> nothing if they do not sell? worse if they sell?
> - to lead in reviewing the architecture towards a fully distributed
> network with concerted IANA, one a country? a language?
>
> NOT an easy choice. But a choice which has to be made.

The PublicRoot structure is the ultimate choice framework which provides
for shared operability.

regards
joe



Re: Beyond China's independent root-servers -- Expanding and Fixing Domain Notation

2006-03-03 Thread Joe Baptista

Stephane Bortzmeyer wrote:


> There is nothing to do for the IETF or the "Internet technical
> community" (whatever it is). The problem is 100 % political and should
> be addressed in ICANN / WSIS / IGF / whatever but not in the IETF.

Good Lord - you're spewing the crapola far and wide today.  Like I told 
you in the governance conference.  Protocols are not political.  Lest 
you forget what I told you in the governance - here is my message to you 
- enjoy it - again.


Stephane Bortzmeyer wrote:


> There are two different sorts of political problems on the
> Internet. Those where a central governance is *mandatory* or things
> simply stop to work. DNS root management and IP address allocation are

Where do you come up with this trash.  You either do not understand the 
issues or you're playing games.  Technical protocols are not political.  
Technical protocols can not be mandated or their administration made 
mandatory.  I can see it now - protocol police everywhere.


You can't mandate this - and you can't politicize it.  This whole issue 
is about names and numbers.  And how do we manage names and numbers? 
Answer - we use a database.


The only thing you require is a few simple rules to avoid conflicts - 
and those rules have been written - I give you RFC 1591.  All one needs 
to do is translate this from domains to TLDs.  Enjoy the light reading.


Network Working Group  J. Postel
Request for Comments: 1591   ISI
Category: Informational   March 1994


Domain Name System Structure and Delegation


Status of this Memo

 This memo provides information for the Internet community.  This memo
 does not specify an Internet standard of any kind.  Distribution of
 this memo is unlimited.

1. Introduction

 This memo provides some information on the structure of the names in
 the Domain Name System (DNS), specifically the top-level domain
 names; and on the administration of domains.  The Internet Assigned
 Numbers Authority (IANA) is the overall authority for the IP
 Addresses, the Domain Names, and many other parameters, used in the
 Internet.  The day-to-day responsibility for the assignment of IP
 Addresses, Autonomous System Numbers, and most top and second level
 Domain Names are handled by the Internet Registry (IR) and regional
 registries.

2.  The Top Level Structure of the Domain Names

 In the Domain Name System (DNS) naming of computers there is a
 hierarchy of names.  The root of system is unnamed.  There are a set
 of what are called "top-level domain names" (TLDs).  These are the
 generic TLDs (EDU, COM, NET, ORG, GOV, MIL, and INT), and the two
 letter country codes from ISO-3166.  It is extremely unlikely that
 any other TLDs will be created.

 Under each TLD may be created a hierarchy of names.  Generally, under
 the generic TLDs the structure is very flat.  That is, many
 organizations are registered directly under the TLD, and any further
 structure is up to the individual organizations.

 In the country TLDs, there is a wide variation in the structure, in
 some countries the structure is very flat, in others there is
 substantial structural organization.  In some country domains the
 second levels are generic categories (such as, AC, CO, GO, and RE),
 in others they are based on political geography, and in still others,
 organization names are listed directly under the country code.  The
 organization for the US country domain is described in RFC 1480 [1].




 Each of the generic TLDs was created for a general category of
 organizations.  The country code domains (for example, FR, NL, KR,
 US) are each organized by an administrator for that country.  These
 administrators may further delegate the management of portions of the
 naming tree.  These administrators are performing a public service on
 behalf of the Internet community.  Descriptions of the generic
 domains and the US country domain follow.

 Of these generic domains, five are international in nature, and two
 are restricted to use by entities in the United States.

 World Wide Generic Domains:

 COM - This domain is intended for commercial entities, that is
   companies.  This domain has grown very large and there is
   concern about the administrative load and system performance if
   the current growth pattern is continued.  Consideration is
   being taken to subdivide the COM domain and only allow future
   commercial registrations in the subdomains.

 EDU - This domain was originally intended for all educational
   institutions.  Many Universities, colleges, schools,
   educational service organizations, and educational consortia
   have registered here.  More recently a decision has been taken
   to limit further reg

Re: Beyond China's independent root-servers -- Expanding and Fixing Domain Notation

2006-03-03 Thread Joe Baptista

Mark Andrews wrote:


> They are still a problem whether you think they should exist
> or not.  The problem is that they are added unilaterally
> and people using them expect everyone else to be able to
> resolve them as well.  The method of adding them was wrong
> as it does not scale.  If every language added the equivalent
> you would have hundreds of sets of nameservers that you
> would have to track down and add to your own configuration.

I agree with you - it does not scale well - over time roots which fail to 
carry the Chinese TLD labels will get swamped with queries.  However -  
I completely disagree with your view that the method used to add them 
was wrong.  It was very right for the Chinese to act unilaterally.  The 
alternative, open, or public set the standards for TLD holders and root 
system to act unilaterally.


The Chinese approached ICANN some five years ago to have their TLDs 
included in the IANA root.  ICANN gave them the finger and they much 
like the open root TLD operators gave ICANN the boot.  Now mind you the 
Chinese have a much bigger boot than the open roots - so I anticipate 
this is a much more painful experience.


Give my luv to Paul
Joe Baptista




Re: Beyond China's independent root-servers -- Expanding and Fixing Domain Notation

2006-03-03 Thread Joe Baptista

Kurt Erik Lindqvist wrote:

> To the best of my knowledge, there are no new Chinese root-servers -
> despite what the press says. And at least we have not seen a drop in
> queries to our anycast instance in Beijing yet so there even seems to
> be data to support that...



There are. Check Peter Dambier's messages for details.

As for your claims of data to support this - show us.

First - you won't notice any drop in queries because the China roots 
refer all queries concerning NON-CHINESE TLDs back to IANA.


Second - you will notice an increase in what you guys at the roots call 
I think illegal or erroneous TLDs - which see


http://www.theregister.co.uk/2003/02/05/dud_queries_swamp_us_internet/

Incidentally - since my article was written I have not seen any further 
studies concerning root traffic from CAIDA or anyone else.  In fact root 
operators don't really share much with the world - do they?


cheers
joe baptista



Re: Multinational Internet or Balkanization?

2006-03-03 Thread Joe Baptista

JFC (Jefsey) Morfin wrote:



> Whatever we may think it seems that countries allocate themselves
> gTLDs, isn't it?




Exactly.  And let's not forget the Turkish multilingual TLDs which were 
tested by the Public-Root on behalf of the Turkish government.


Peter Dambier wrote an excellent post to the governance conferences 
(WSIS) which speculates - correctly in my not so humble opinion - that 
countries will indeed set up their own TLDs and roots.


In other words - before this is fixed we need the technical version of 
the tower of Babel before we all realize the best method to use the network 
is co-operatively.  ICANN has shown us the ways of dictatorship and 
multiple roots will show us the way to a co-operative model.  It already 
exists - the public-root which was the first root system - to carry the 
Chinese TLDs.


Sure there will be some serious technical difficulties - they already exist 
with the China root, the public-root, the unifiedroot and every other 
root system out there.  These technical problems exist mainly for the 
IANA roots.  They get traffic from other roots when the user's system 
attempts to resolve domains from other roots using the IANA roots, and of 
course fails.  This traffic is now significant and one of the reasons 
for anycasting the IANA roots to reduce the impact on their root servers.


In short if IANA does not come along - it will become increasingly 
irrelevant and that has been demonstrated time and time again.  
Co-operation is the rule of law on the internet.  You don't co-operate - 
you don't communicate.  It's the users' need to communicate which is the 
driving force behind the internet and those roots that will remain relevant.


cheers
joe baptista


___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
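
The effect described in the message above (queries for TLDs that only another root carries arriving at a root that does not delegate them, and failing) can be measured from a query log. The following Python sketch is an added example, not part of the original post or of any root operator's tooling; the log format, the sample lines, the small delegated-TLD set and the TLD names "altone" and "alttwo" are constructed assumptions.

```python
"""Estimate how much of a root server's load is for TLDs it does not delegate.

All data here is constructed: the log format, the sample lines, the small
delegated-TLD set (the generic TLDs named in RFC 1591 plus a few country
codes) and the hypothetical TLDs "altone" and "alttwo".
"""
from collections import Counter

# Assumption: a tiny stand-in for the TLDs delegated in the root zone.
DELEGATED_TLDS = frozenset({"com", "edu", "net", "org", "gov", "mil", "int",
                            "fr", "nl", "kr", "us", "cn", "tr"})

# Constructed sample, one query per line: <unix-time> <client> <qname> <qtype>
SAMPLE_LOG = """\
1141380001 192.0.2.10 www.example.com. A
1141380002 192.0.2.10 mail.example.org. MX
1141380003 198.51.100.7 portal.altone. A
1141380004 198.51.100.7 shop.alttwo. A
1141380005 203.0.113.5 WWW.Example.FR A
1141380006 203.0.113.5 printer.local. A
1141380007 203.0.113.9 . NS
1141380008 203.0.113.9 localhost A
1141380009 198.51.100.7 news.altone. AAAA
this line is malformed
"""


def tld_of(qname):
    """Return the lowercased rightmost label, or "" for the root itself."""
    name = qname.strip().rstrip(".").lower()
    if not name:
        return ""
    return name.rsplit(".", 1)[-1]


def parse_line(line):
    """Return (client, qname, qtype), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    return parts[1], parts[2], parts[3]


def classify(log_text, delegated=DELEGATED_TLDS):
    """Count queries the root can answer or refer versus those it must
    reject with NXDOMAIN because the TLD is not in its zone."""
    stats = {"total": 0, "answerable": 0, "nxdomain": 0, "malformed": 0}
    unknown_tlds = Counter()   # TLD -> number of failing queries
    clients = {}               # TLD -> set of client addresses asking for it
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            stats["malformed"] += 1
            continue
        client, qname, _qtype = record
        stats["total"] += 1
        tld = tld_of(qname)
        # A query for "." itself is answered from the root zone apex.
        if tld == "" or tld in delegated:
            stats["answerable"] += 1
        else:
            stats["nxdomain"] += 1
            unknown_tlds[tld] += 1
            clients.setdefault(tld, set()).add(client)
    return stats, unknown_tlds, clients


def nxdomain_share(stats):
    """Fraction of well-formed queries that end in NXDOMAIN at this root."""
    return stats["nxdomain"] / stats["total"] if stats["total"] else 0.0


def report(log_text):
    """Return human-readable lines, busiest undelegated TLD first."""
    stats, unknown_tlds, clients = classify(log_text)
    lines = ["%d of %d queries (%.0f%%) are for undelegated TLDs"
             % (stats["nxdomain"], stats["total"], 100 * nxdomain_share(stats))]
    for tld, count in sorted(unknown_tlds.items(), key=lambda kv: (-kv[1], kv[0])):
        lines.append("%s: %d queries from %d client(s)"
                     % (tld, count, len(clients[tld])))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Repeated failures for the same undelegated TLD from the same few clients point to resolvers or users configured for another root; one-off names such as `local` or `localhost` are ordinary leakage.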


Re: Multinational Internet or Balkanization?

2006-03-02 Thread Joe Baptista

Brian E Carpenter wrote:


...


Ignore China?



No, that would be foolish.


It is foolish.



We automatically ignore any pseudo-TLD that only exists within
a walled garden, because it is simply invisible outside.
It isn't part of the global Internet. If it appears in any
way outside the walled garden, it is meaningless.


This is why it is so foolish:

http://www.theregister.co.uk/2003/02/05/dud_queries_swamp_us_internet/

As you can see the wall which the existing root system has drawn around 
the alternative or open public roots has resulted in technical 
difficulties for the IANA root.  The same issues have applied to the 
Chinese root as it has become popular.  As you can see living in a 
walled garden doesn't work.


regards
joe




Re: Beyond China's independent root-servers -- Expanding and Fixing Domain Notation

2006-03-02 Thread Joe Baptista

Mohsen BANAN wrote:


> More than 5 years ago I predicted what the Chinese
> government announced today.

This action by the Chinese was done three years ago.  This is not a new 
event.


regards
joe


What happened today:

http://english.people.com.cn/200602/28/eng20060228_246712.html
http://www.interfax.cn/showfeature.asp?aid=10411&slug=INTERNET-POLICY-MII-DOMAIN%20NAME-DNS
http://www.domainesinfo.fr/vie_extensions.php?vde_id=859
http://politics.slashdot.org/politics/06/02/28/1610242.shtml
http://news.com.com/China+creates+own+Internet+domains/2100-1028_3-6044629.html

was obvious and quite easy to foresee.

Addressing the requirements of a very real
international multi-root environment is also not
all that hard and will likely naturally evolve.

But there is more that can be done. The Internet
technical community is now given a unique
opportunity to expand the domain notation and even
address past mistakes and fix the domain
backwardness problem.

About 4 years ago, in a note with the subject of:

Revisiting - Re: Now: Next Generation Domains and DNS -- Was: Re: No More 
Central Authority: Not NSI/ICAN! Not ORSC!

I re-sent the write up (dated Jan 1999) for what
needs to be done to move things forward. It is
included here again below.

Obviously, IETF is not fit to move this forward.

If anybody translates this plan into Chinese,
please email me a copy.

-- Mohsen BANAN


To: Internet Technical Community 
Subject: Revisiting - Re: Now: Next Generation Domains and DNS -- Was: Re: No 
More Central Authority: Not NSI/ICAN! Not ORSC!
From: public at mohsen.banan.1.byname.net
Date: 06 Aug 2002 06:42:23 -0700
Sender: owner-ietf at ietf.org

Good!

After many years, the Internet technical
community (save ICANN and IETF cult's chiefs)
has now arrived to the general recognition
that the concept of parallel root server clusters
are in fact practical, workable, stable and democratic.

It may now be a good time to re-visit other DNS problems
and recognize that they can also be solved.

Most notably, The DNS Notation Backwardsness.

Parallel root server clusters and the fixing of the
DNS Notation Backwardsness problem are very related and
can be done at the same time.

I explained all of this in reasonable detail more than
3.5 years ago. It is comforting to see that parts of
the solution that I proposed are now in place.

Below is the main email from the thread that I introduced
in 1998/1999.

At that time, with hope, I said:
  I believe it is only now that we have an opportunity to
  plant the right seeds so that the "problem" can
  be fixed over time.


 


From a historic perspective it is worthwhile noting that
shortly after Bob Allisat suggested that the IETF build
on the concepts that I had introduced, he was banned from
the IETF mailing list by the then IETF Chair,
Fred Baker.

While I address this message to the
Internet technical community,
if in fact IETF does not stand for
Innovation Extermination Task Force,
then perhaps even IETF can get involved
in cultivation of these concepts.


--- 1999 Original Message Follows ---

To: IETF Mailing List 
Subject: Re: Now: Next Generation Domains and DNS -- Was: Re: No More Central 
Authority: Not NSI/ICAN! Not ORSC!
Date: Tue, 26 Jan 1999 00:41:34 -0800 (PST)



[This is a summary response which covers comments
which were in reply to my:
<199901220641.WAA11066 at rostam.neda.com>
message with the subject of:
Re: Now: Next Generation Domains and DNS -- Was: Re: No More Central Authority: 
Not NSI/ICAN! Not ORSC!
dated Thu, 21 Jan 1999 22:41:13 -0800 (PST).]


I ended my previous note, by saying:

 


On Thu, 21 Jan 1999 22:41:13 -0800 (PST), Mohsen BANAN said:



 Mohsen> ...

 Mohsen> Now, after all of this if there was to be an
 Mohsen> acknowledgment that there is an architectural
 Mohsen> problem here and that this is not a "strings
 Mohsen> parsing" issue which can go either way, then
 Mohsen> may be we can work on solutions 


Many got the point -- that there is a "notation backwardness" problem.

For example:

 


On Fri, 22 Jan 1999 08:42:32 -, "mark.paton" said:



 mark> I hate to admit it but he has a point!

and:

 


On Fri, 22 Jan 1999 14:50:41 +0400, Peter Dawson  said:
   



 Peter> ...

 Peter> How come  the folks don't admit the mistakes and just
 Peter> keep continuing..  ?? we all understand it is human to err..  !!


and:





Now, we just have got to leave behind those who
after all of this, still don't get it and can't
(or don't want to) follow.



I -- and many others -- have known about this
notation backwardness for more than 10 years.
Prior to last week, I had never brought up this
issue publicly.

There is a good reason why I chose 1999 as the
time to bring it up. That is because, I believe
it is only now that we have an opportunity to
plant the right seeds so that the "problem" can
be fixed over time.


Taking advantage of this opportunity to fix it
is a lot more reasonable than "li

Re: What's an experiment?

2006-02-17 Thread Joe Baptista

Peter Dambier wrote:


> Still they have nameservers and they happily communicate with
> each other without ICANN even knowing about their existence.


Out of touch with reality.

regards
joe


Cheers

Peter and Karin





At 16:06 15/02/2006, Brian E Carpenter wrote:


When considering some recent appeals, the IESG discovered that
we have very little guidance about the meaning of "experiments"
in relation to Experimental RFCs. RFC 2026 refers to work which
is "part of some research or development effort" and the IESG
has adopted some guidelines to discriminate between Experimental
and Informational documents (see
http://www.ietf.org/u/ietfchair/draft-iesg-info-exp-01.html ).
But beyond that, we do not know what constitutes an acceptable
experiment on the Internet.

The IESG notes that the community could establish a variety of
guidelines describing what is and is not acceptable in experiments.
Historically, the IESG has made decisions based on its perception
that there is a strong desire in the community to publish technology
that is being deployed experimentally.  We encourage community discussion
and development of more specific guidelines on operational conflicts
caused by experiments and how this should affect what we choose to
publish.  (However we recommend that such discussion
focus on the general issue rather than the specifics of any case.)

  Brian Carpenter
  for the IESG










Re: What's an experiment?

2006-02-16 Thread Joe Baptista

JFC (Jefsey) Morfin wrote:


> Dear Brian,
> ICANN ICP-3 document called for a DNS test-bed to carry experiments in
> a given framework (to test various DNS evolutions including the end of
> the root). The document lists interesting criteria/conditions. Some
> are related to the DNS (non profit, ultimate agreement by the
> community). Of the head two are important: reversibility and no harm
> to the current operations. The "non profit" can be generalised: if a
> community effort is carried to commonly consider an evolution, every
> option should be considered and equally supported. Experiments must
> not be a way to impose personal or affinity group doctrines and DoE
> (Denial of Evolution). Reversibility would also mean the result cannot
> be published as BCP. It may reflect the practice of a group. But it
> would not be acceptable to impose it to non participants as there is
> no proof it would scale - before the experience covers the whole
> network. This means that experience may be a way to deploy or to
> transition. Should the IETF have started a large scale IPv6
> experimentation, may be would we have IPv6 by competition to the RIRs.
> This has been considered.
>
> jfc


That's happening regardless of the IETF - www.public-root.com, 
www.inaic.com and www.unifiedroot.com.  Failed experiments result in 
successful evolution.


regards
joe




At 16:06 15/02/2006, Brian E Carpenter wrote:


When considering some recent appeals, the IESG discovered that
we have very little guidance about the meaning of "experiments"
in relation to Experimental RFCs. RFC 2026 refers to work which
is "part of some research or development effort" and the IESG
has adopted some guidelines to discriminate between Experimental
and Informational documents (see
http://www.ietf.org/u/ietfchair/draft-iesg-info-exp-01.html ).
But beyond that, we do not know what constitutes an acceptable
experiment on the Internet.

The IESG notes that the community could establish a variety of
guidelines describing what is and is not acceptable in experiments.
Historically, the IESG has made decisions based on its perception
that there is a strong desire in the community to publish technology
that is being deployed experimentally.  We encourage community discussion
and development of more specific guidelines on operational conflicts
caused by experiments and how this should affect what we choose to
publish.  (However we recommend that such discussion
focus on the general issue rather than the specifics of any case.)

  Brian Carpenter
  for the IESG






Re: [Pr-plan] Re: George Green takes over internet Re: 5W Intelligence Service Report

2005-10-13 Thread Joe Baptista

Jeroen:

Was able to confirm first patent was rejected - i.e.

> http://nl.ecodoc.mineco.fgov.be/BASIS/BREV/web/brevwebdut11/DDW?W%3DTI+PH+IS+%27TECHNOLOGIE+EN+BUSINESSMODEL+INZAKE%27%26M%3D2%26K%3D004/0623%26R%3DY%26U%3D1

but what about the second one?

> http://nl.ecodoc.mineco.fgov.be/BASIS/BREV/web/brevwebdut11/DDW?W%3DTI+PH+IS+%27TECHNOLOGIE+EN+BUSINESSMODEL+INZAKE%27%26M%3D1%26K%3D005/0340%26R%3DY%26U%3D1

does not look like that one was rejected.  any advice Jeroen?

thanks
joe baptista

On Thu, 13 Oct 2005, Joe Baptista wrote:

>
>
> On Thu, 13 Oct 2005, Jeroen Massar wrote:
>
> > Just a little clarification for the archives as this is of course again
> > mis-propaganda etc
>
> Not mispropaganda surely.  It's more to the point to say we dont speaken
> the dutch.
>
> Your report that both applications were rejected pleases me.  I myself
> considered the attempt ridiculous. I'm not sure the process of adding a
> label to a database can be patented.  If it can a lot of people are in
> trouble.
>
> TLDs do have intellectual property value - but that is in the database
> copyright, not in the technical administrative procedure.
>
> Cheers
> joe baptista
>
> >
> > On Wed, 2005-10-12 at 15:58 -0400, Joe Baptista wrote:
> > > Yes - both patents attempt to take control of the adding of tlds to a root
> > > zone file.  The second patent recorded on 6 July 2005 is an attempt to
> > > further recognize the procedure as being commercial.  Will need some
> > > native speakers to make out the exact wording on the original patents.
> > 
> >
> > > > http://nl.ecodoc.mineco.fgov.be/BASIS/BREV/web/brevwebdut11/DDW?W%3DTI+PH+IS+%27TECHNOLOGIE+EN+BUSINESSMODEL+INZAKE%27%26M%3D2%26K%3D004/0623%26R%3DY%26U%3D1
> > > >
> > > > http://nl.ecodoc.mineco.fgov.be/BASIS/BREV/web/brevwebdut11/DDW?W%3DTI+PH+IS+%27TECHNOLOGIE+EN+BUSINESSMODEL+INZAKE%27%26M%3D1%26K%3D005/0340%26R%3DY%26U%3D1
> >
> > For Non Dutch Speaking people, these two URL's both contain a very
> > important part:
> >
> > 8<
> > Beperkingen:  4. GEWEIGERD / AFGEWEZEN 20050404
> > >8
> >
> > Which translates to:
> >
> > 8<
> > Limitations:  4. REJECTED 20050404
> > >8
> >
> > In other words, nobody is getting any patent.
> > There would be a lot of prior art anyway ;)
> >
> > Now back to your normal IETF schedule
> >
> > Greets,
> >  Jeroen
> >
> >
>


Re: George Green takes over internet Re: 5W Intelligence Service Report

2005-10-13 Thread Joe Baptista


On Thu, 13 Oct 2005, Jeroen Massar wrote:

> Just a little clarification for the archives as this is of course again
> mis-propaganda etc

Not mispropaganda surely.  It's more to the point to say we dont speaken
the dutch.

Your report that both applications were rejected pleases me.  I myself
considered the attempt ridiculous. I'm not sure the process of adding a
label to a database can be patented.  If it can a lot of people are in
trouble.

TLDs do have intellectual property value - but that is in the database
copyright, not in the technical administrative procedure.

Cheers
joe baptista

>
> On Wed, 2005-10-12 at 15:58 -0400, Joe Baptista wrote:
> > Yes - both patents attempt to take control of the adding of tlds to a root
> > zone file.  The second patent recorded on 6 July 2005 is an attempt to
> > further recognize the procedure as being commercial.  Will need some
> > native speakers to make out the exact wording on the original patents.
> 
>
> > > http://nl.ecodoc.mineco.fgov.be/BASIS/BREV/web/brevwebdut11/DDW?W%3DTI+PH+IS+%27TECHNOLOGIE+EN+BUSINESSMODEL+INZAKE%27%26M%3D2%26K%3D004/0623%26R%3DY%26U%3D1
> > >
> > > http://nl.ecodoc.mineco.fgov.be/BASIS/BREV/web/brevwebdut11/DDW?W%3DTI+PH+IS+%27TECHNOLOGIE+EN+BUSINESSMODEL+INZAKE%27%26M%3D1%26K%3D005/0340%26R%3DY%26U%3D1
>
> For Non Dutch Speaking people, these two URL's both contain a very
> important part:
>
> 8<
> Beperkingen:  4. GEWEIGERD / AFGEWEZEN 20050404
> >8
>
> Which translates to:
>
> 8<
> Limitations:  4. REJECTED 20050404
> >8
>
> In other words, nobody is getting any patent.
> There would be a lot of prior art anyway ;)
>
> Now back to your normal IETF schedule
>
> Greets,
>  Jeroen
>
>



George Green takes over internet Re: 5W Intelligence Service Report

2005-10-12 Thread Joe Baptista

Yes - both patents attempt to take control of the adding of tlds to a root
zone file.  The second patent recorded on 6 July 2005 is an attempt to
further recognize the procedure as being commercial.  Will need some
native speakers to make out the exact wording on the original patents.

On Wed, 12 Oct 2005, Cesidio Tallini wrote:

> Peter,
>
> Seems like something similar to that which you mention, but those exist
> already.
>
> You missed the following in your great search, because Xennt also has
> another two separate, and similar-natured registered patents:
>
> http://nl.ecodoc.mineco.fgov.be/BASIS/BREV/web/brevwebdut11/DDW?W%3DTI+PH+IS+%27TECHNOLOGIE+EN+BUSINESSMODEL+INZAKE%27%26M%3D2%26K%3D004/0623%26R%3DY%26U%3D1
>
> http://nl.ecodoc.mineco.fgov.be/BASIS/BREV/web/brevwebdut11/DDW?W%3DTI+PH+IS+%27TECHNOLOGIE+EN+BUSINESSMODEL+INZAKE%27%26M%3D1%26K%3D005/0340%26R%3DY%26U%3D1
>
> The first patent, "METHODE, TECHNOLOGIE EN BUSINESSMODEL INZAKE SPECIALE
> INTERNET EXTENSIES", No. 2004/0623, seems to have been recorded on 20
> December 2004. The second, "METHODE, TECHNOLOGIE EN BUSINESSMODEL INZAKE
> SPECIALE INTERNET EXTENSIES", No. 2005/0340, which sounds like the same
> thing, or two different things of similar nature, seems to have been
> recorded on 6 July 2005.
>
> Dirk Laureyssens is currently Person No. 5 on the INAIC World Council. His
> bio says:
>
> "Mr. Laureyssens was born in 1950 in Belgium. After his studies he joined
> the Federal Ministry of Economy, and i.e. participated as Benelux
> representative in textile negotiations at the European Commission.
> "From 1985 Mr. Laureyssens was involved in the development of start-up
> companies in toy and games, software (i.e. 3ivx video compression) and
> electronics. Currently Mr. Laureyssens is Master in Social and Political
> Sciences, and is an independent Intellectual Property consultant.
> "In addition Dirk Laureyssens is inventor and he holds a wide range of
> patents."
>
> Cesidio


Joe Baptista, Official Public-Root Representative and Lobbyist to the
United States Congress and Senate / Tel: +1 (202) 517-1593

Public-Root Disclosure Documents: http://www.cynikal.net/~baptista/P-R/
Public-Root Discussion Forum: http://lair.lionpost.net/mailman/listinfo/pr-plan


>
>
>
> - Original Message -
> From: "Peter Dambier" <[EMAIL PROTECTED]>
> To: "Cesidio Tallini" <[EMAIL PROTECTED]>
> Cc: "Joe Baptista" <[EMAIL PROTECTED]>; "Bradley Thornton"
> <[EMAIL PROTECTED]>; "HM Cesidio Tallini" <[EMAIL PROTECTED]>
> Sent: Wednesday, October 12, 2005 5:02 AM
> Subject: Re: 5W Intelligence Service Report
>
>
> > That is our registry???
> >
> >
> > here is more details:
> >
> >
> > http://nl.ecodoc.mineco.fgov.be/BASIS/BREV/web/brevwebdut11/DDW?W%3DTI+PH+IS+%27PEER-TO-DNS%27%26M%3D1%26K%3D005/0374%26R%3DY%26U%3D1
> >
> > Soort:   BELG
> >
> > Voorlopig nummer:   2005/0374
> >
> >  Datum indiening van de aanvraag:   27.07.2005
> >
> >  Aard:   REGISTER OKTROOIAANVRAGEN
> >
> > Titel:   PEER-TO-DNS SYSTEEM.
> >
> > Houders:
> > LAUREYSSENS Dirk,   Grote steenweg 408/19,  B-2600  ANTWERPEN (BE)
> > ZENNT Herman Johan, Bechlaan 45,NL-4463 BX GOES (NL);
> > BOR Marcel, Grote steenweg 408/19,  B-2600  ANTWERPEN;
> >
> >  Land houders:   BE
> >
> >
> >
> > Kind regards,
> > Peter and Karin
> >
> >
> > Cesidio Tallini wrote:
> >> Joe... Peter...
> >>  Our Fifth World Intelligence Service have found a piece of information
> >> that may interest you.
> >>  I don't know if you saw this, but it looks like our "friends":
> >>
> >> * Marcel Bor
> >> * Dirk Laureyssens
> >> * Herman Johan Zennt
> >>
> >> Some time in July 2005 filed for at least two patents with the Belgian
> >> Intellectual Property Office:
> >>  *BELGIAN PATENT APPLICATIONS FILED WITH THE INTELLECTUAL PROPERTY OFFICE
> >> FROM 01/07/2005 UNTIL 31/07/2005:*
> >> ** ** *TITULAIRE NO
> >> DEMNO/PUB  D.DEM   TITRE *
> >> *TITULARIS AANVR NR
> >> PUB/NR  AANVR.D TITEL *
> >> *- 
> >>  --  --- - *
> >> *BOR MARCEL LAUREYSSENS DIRK;>ZENNT HERMAN JOHAN;>BOR MARCEL   2005/0374
> >> 050727  PEER

RE: The Root has got an A record

2005-10-11 Thread Joe Baptista

wrong site - try www.inaic.com and www.public-root.com.  Turkey is our
best customer.

cheers
joe

Joe Baptista, Official Public-Root Representative and Lobbyist to the
United States Congress and Senate / Tel: +1 (202) 517-1593

Public-Root Disclosure Documents: http://www.cynikal.net/~baptista/P-R/
Public-Root Discussion Forum: http://lair.lionpost.net/mailman/listinfo/pr-plan


On Tue, 11 Oct 2005, Hallam-Baker, Phillip wrote:

> I am really confused as well. An organization calling itself
> 'public-root' that does not provide the briefest description of what it
> is about, from their front page:
>
> 'This area is available for restricted users and only accessable through
> limited IP numbers.'
>
> For those of us who do not read nanog please prefix discussions about
> wildcat roots as 'JOKE' or 'HOAX' so we don't waste time on them.
>
>
>
>
> 
>
>   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of James Seng
>   Sent: Tuesday, October 11, 2005 12:00 AM
>   To: [EMAIL PROTECTED]
>   Cc: ietf@ietf.org
>   Subject: Re: The Root has got an A record
>
>
>   I am confused. Why is this (ie, public-root.net operation) of
> any concern to IETF?
>
>   Even if this happens on "root-server.net", the appropriate forum
> is to bring it to ICANN/IANA.
>
>   -James Seng
>
>
>   On 10/10/05, Peter Dambier <[EMAIL PROTECTED]> wrote:
>
>   See with your own eyes:
>
>   ; <<>> DiG 9.1.3 <<>> -t any . @a.public-root.net
>   ;; Got answer:
>   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18588
>   ;; flags: qr aa rd; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0
>
>   ;; QUESTION SECTION:
>   ;.  IN  ANY
>
>   ;; ANSWER SECTION:
>   .   172800  IN  SOA  a.public-root.net. hostmaster.public-root.net.\
>                        2005101006 43200 3600 1209600 14400
>   .   172800  IN  A    57.67.193.188
>   .   172800  IN  NS   k.public-root.net.
>   .   ...
>   .   172800  IN  NS   j.public-root.net.
>
>   ;; Query time: 81 msec
>   ;; SERVER: 205.189.71.2#53(a.public-root.net)
>   ;; WHEN: Mon Oct 10 16:01:11 2005
>
>
>    Original Message 
>   Date: Mon, 10 Oct 2005 09:10:36 -0400 (EDT)
>   From: Joe Baptista <[EMAIL PROTECTED]>
>   To: [EMAIL PROTECTED]
>   Subject: [Pr-plan] BAD NEWS Re: IASON Root Domain
> Observatory (fwd)

Re: The Root has got an A record

2005-10-11 Thread Joe Baptista

On Tue, 11 Oct 2005, James Seng wrote:

> I am confused. Why is this (ie, public-root.net operation) of any
> concern to IETF?
>
> Even if this happens on "root-server.net", the appropriate forum is to
> bring it to ICANN/IANA.

New rules of procedure covering disclosure.  The Public-Root has done
more in its troubles to polarize opinion, and that is a good thing.

cheers
joe

Joe Baptista, Official Public-Root Representative and Lobbyist to the
United States Congress and Senate / Tel: +1 (202) 517-1593

Public-Root Disclosure Documents: http://www.cynikal.net/~baptista/P-R/
Public-Root Discussion Forum: http://lair.lionpost.net/mailman/listinfo/pr-plan

On 10/10/05, Peter Dambier <[EMAIL PROTECTED]> wrote:
>
> See with your own eyes:
>
> ; <<>> DiG 9.1.3 <<>> -t any . @a.public-root.net
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18588
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;. IN ANY
>
> ;; ANSWER SECTION:
> . 172800 IN SOA a.public-root.net. hostmaster.public-root.net.\
> 2005101006 43200 3600 1209600 14400
> . 172800 IN A 57.67.193.188
> . 172800 IN NS k.public-root.net.
> . ...
> . 172800 IN NS j.public-root.net.
>
> ;; Query time: 81 msec
> ;; SERVER: 205.189.71.2#53(a.public-root.net)
> ;; WHEN: Mon Oct 10 16:01:11 2005
>
>
>  Original Message 
> Date: Mon, 10 Oct 2005 09:10:36 -0400 (EDT)
> From: Joe Baptista <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [Pr-plan] BAD NEWS Re: IASON Root Domain Observatory (fwd)
>
>
> Folks - got some bad news. The Public-Root has acquired an A record - yup
> that's right - an A record. Which see below. Have tried to contact Paul
> Scheepers - our absent minded root operator - who now hovers very close to
> criminal conspiracy - to get him to fix this mistake. No one is at home at
> the inn. Not good. See appended message to Peter Dambier and our
> public-root associates.
>
> I have no idea how a root will respond with an A record in it. Should be
> interesting - but have no doubt a few things out in the wild have been
> broken.
>
> regards
> joe
>
> -- Forwarded message --
> Date: Mon, 10 Oct 2005 09:03:04 -0400 (EDT)
> From: Joe Baptista <[EMAIL PROTECTED]>
> To: Peter Dambier <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
> [E

Re: Root Anycast

2004-05-19 Thread Joe Baptista

On Tue, 18 May 2004, Paul Vixie wrote:

> > Paul, and other rootserveroperators (good scrabble word :), what would
> > your answer/problem/arguments/... be if an ISP would decide to inject
> > routes to the root-servers into their local network and point these
> > request to a local dns cache(s), which would have the correct routes to
> > the the global rootservers of course.
>
> if someone injects 192.5.5.241 (or any route which covers it) anywhere
> that a dns client will see it whose owner has not explicitly agreed to
> have their f-root service modified in this way, and then modifies the
> service (which means does something with the queries other than forward
> them to an ISC-owned server) then we would of course file a lawsuit of
> some kind, even if it meant opening an ISC office in some new place in
> order to have "standing."

I suggest you check isp's in the asia pacific region.  Standard practice
in some cases to intercept all dns including root traffic.  So i'm sure F
is one of them.

regards
joe baptista




Re: Root Anycast

2004-05-18 Thread Joe Baptista

On Tue, 18 May 2004, Dean Anderson wrote:

> On 18 May 2004, Paul Vixie wrote:
>
> > The result is a service which has never been "down hard", not ever, not for
> > any millisecond out of the last 15 years.  This is "strength by diversity."
>
> This isn't quite true. There have been multiple server failures. And if I
> recall, I think that there have been quite a few servers (like 12 of 13)
> that have been down at one time in this timeframe.
>
> But I haven't been keeping close track.  If someone has been keeping
> operational stats (like outage date, cause, postmortem) on the roots, I'd
> appreciate a pointer to this...

Outage reports and an outage archive maintained by the legacy root
operators would be nice.

I also remember many incidents over the years involving root server outages
- but it's never official.  usually someone discovers a problem and
sometimes a root operator responds.  Usually in NANOG.

cheers
joe baptista




Re: Root Anycast

2004-05-18 Thread Joe Baptista

On 18 May 2004, Paul Vixie wrote:

> If you'd like to unify something, perhaps it could be DNS client behaviour
> and network-owner recursive caching forwarder design.  And while you're at
> it, please outlaw those fiendish DNS-based load balancers.  f-root should
> still be a 486DX2-66 like it was in ~1995, rather than fifty 1GHz pentiums,
> and the 500X load 10 years later is due to client stupidity, not population
> growth or backbone speed increases.

Not completely due to client stupidity,

http://www.theregister.co.uk/2003/02/05/dud_queries_swamp_us_internet/

it is however a factor :)

regards
joe baptista






UWB - Ultra Wide Band - still experimental

2003-06-21 Thread Joe Baptista

Hi Folk:

I'm investigating Ultra Wide Band and TCP/IP applications.

Anyone here heard of UWB - ultra wide band.  A technology which looks to
have a lot of potential to support TCP/IP protocols.  Unfortunately so far
all i have found are a few research papers - some news hype - and your FCC
regulations in the making but not much in the area of working networks
using UWB nor equipment.

Can anyone give me some pointers on equipment available, and pretty well
anything else which might be helpful from a tcp/ip point of view .. etc.
etc.

thanks
joe

-- Forwarded message --
Date: Sat, 21 Jun 2003 11:43:34 -0400 (EDT)
From: Joe Baptista <[EMAIL PROTECTED]>
To: Robert Ross
Subject: ultra wide band - still experimental


from what i have seen any commercial application is mainly experimental -
still.  I checked the ietf www.ietf.org for transmission or protocol
standards and there are none listed in the RFC directories.

the only standard so far in development relates to packet transmission
over uwb.  the potential is enormous but also the FCC is trying to
regulate UWB.  without a detailed review of the FCC regulations all i can
say is they look rushed - based on my initial examination yesterday.

i'm on a wifi email list i'll ask their opinions and see if i can get some
better focus on it.

regards
joe

Joe Baptista - only at www.baptista.god

  Free Tibet http://free.tibet/





Internet Voting and user participation systems - Research question from Baptista

2003-06-04 Thread Joe Baptista

Hi all:

I'm doing research on what is available with respect to web based (or
email) interfaces that support political participation at the grass roots
level (bottom up).  This includes voting and organizational systems or
user based communities.

Please email me back private - especially if you're getting this message in
a newsgroup so i don't inadvertently miss it.

cheers
joe baptista

Joe Baptista - only at www.baptista.god

"Those are mercenaries. Most probably they will be treated as
mercenaries, hirelings and as war criminals. ... For sure,
international law does not apply to those"
 ... Muhammed Saeed al-Sahaf former Iraqi Information Minister





IETF Patent Licenses are RAND (fwd)

2003-03-20 Thread Joe Baptista

fyi

Joe Baptista - only at www.baptista.god

 John de Laet
 a personal and
 professional website
 http://www.paw.low/

-- Forwarded message --
Date: Thu, 20 Mar 2003 12:04:21 -0800
From: Lawrence E. Rosen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: IETF Patent Licenses are RAND

To: The Open Source and Free Software Community

Until my eyes grew dim, I reviewed the long collection of patent
licenses on http://www.ietf.org/ipr.  All I saw were RAND or worse.
While some IETF members may have a preference for RF patent licensing,
clearly that standards organization isn't getting any RF patent licenses
worthy of the name.

The situation in IETF is far worse than I feared.  The current IETF
patent policy is leading to all-RAND-all-the-time.

As I understand the GPL, none of the IETF standards that include that
patented technology can be implemented under the GPL because of its
Section 7.

Any open source projects implementing IETF standards should carefully
review the IETF IPR list to ensure that they have proper patent
licenses.

Anyone who is concerned that the current IETF patent policy has allowed
this situation to occur should contact IETF and request that
organization to revise its patent policy.

/Larry Rosen
General counsel, Open Source Initiative
Rosenlaw & Einschlag, a technology law firm
3001 King Ranch Road
Ukiah, CA 95482
707-485-1242 * fax: 707-485-1243
[EMAIL PROTECTED]
www.rosenlaw.com

--
license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3




Re: Why not a ".IETF" TLD? (was: Re: Financial state of the IETF...)

2003-03-16 Thread Joe Baptista

.IETF already exists - try not to duplicate namespace.

Joe Baptista - only at www.baptista.god

   PoserTutor - How to use Poser http://posertutor.nomad/
   registration facilities in the inclusive namespace

On Sun, 16 Mar 2003, Peter Deutsch wrote:

> g'day Randy,
>
> Randy Bush wrote:
> >
> > > At one point some of us tried to use the .org redelegation to help fund
> > > the IETF. [1] We didn't win but the ISOC's bid did win. Did the ISOC make
> > > the same commitment, could they divert some funding from .org domain
> > > registrations to support the IETF?
> >
> > how would they justify this?  i.e. s/org/net/ or s/org/uk/ and how
> > does it work out?
>
> I'm not sure I understand the question, but maybe you're just waxing
> rhetorical?
>
> If the question is should PIR help support the IETF, it would seem to
> fall within their mission, if they chose to do so. After all, their home
> page states:
>
>  "PIR looks forward to serving the .ORG community by
>   providing superior technology; new services designed
>   for noncommercial registrants; and responsive,
>   responsible stewardship."
>
> Note the line about "providing superior technology", which could be
> interpreted as supporting improvements to DNS technologies, at the
> least. Wouldn't be much of a stretch to say it could also cover
> supporting developments at the transport layer. Given the relationship
> between ISOC and the IETF you could make a similar argument about this
> being within *their* mandate, as well.
>
> Still, AFAIK PIR haven't actually made any specific commitments to
> helping out the IETF, so it wouldn't be appropriate to try to strong-arm
> them into offering to do so now, but I see no reason why we shouldn't
> push for revenues from a specific TLD to support the overall mission of
> the IETF in the future. Folks who support the IETF's goals and mission
> could use their patronage of the "IETF TLD" to show their support and
> provide specific financial aid. It would act as sort of an "affinity
> TLD service", just like those affinity credit cards, where a portion of
> the money spent goes as a subsidy to your favorite worthy cause.
>
> In fact, I'm surprised that this isn't being done already, since it
> seems such an obvious step. It would certainly be appropriate to set up
> an "IETF domain" to pay for the secretariat, mailing list hosting, a
> full-blown set of archives, etc. Meeting fees could then be used to fund
> only the incremental cost of a participant's physical presence (such as,
> of course, the cookies...)
>
>
>
> Let's look at the numbers for a minute. The IETF's non-meeting costs are
> somewhere on the order of $1.3 million, and the meetings are something
> on the order of $1.2 million (from slide 3 of Harald's presentation).
> This means that the meeting's direct costs are only about $250 per
> attendee per year (assuming three meetings per year and about 1.6k
> attendees per meeting).
>
> So, if the new TLD fees could raise something like $1.3 million clear
> (after the expenses of actually providing the TLD servers, which of
> course are ripe for donations, subsidies, etc) then you would only need
> to charge something like $250 per person per year for the actual
> meetings, which is obviously less than is charged now.
>
> So let's set the target at $2 million to cover the cost of a small TLD
> service, plus a little extra to build up the rainy day fund.
>
> How realistic is it to consider raising $2 million per year in domain
> registrations?
>
> Here's where I need to wave my hands a little and you need to use your
> imagination, but if you charge, say, $50 per reg, this is 40,000
> entries. Make it something like $200/year each and you need only 10,000
> to hit your target. Are there 20,000 people out there who'd pay $100 per
> year to have a cool "[EMAIL PROTECTED]" email address? I suspect so.
>
> And of course, you can reduce this number further if you still allow
> some cross-subsidy from the meeting fees, you can still push for
> corporate donations (say for servers or hosting services to reduce the
> service costs), etc. Here's where a full time DNS business manager could
> probably pay for him or herself in no time at all by drumming up
> equipment donations and hosting subsidies.
>
> In any event, there are today something like 2,000 people who already
> pay something like $500 per visit to the IETF over the course of a year
> for their meeting fees. Assuming you've reduced the meeting fees, or
> simply rolled the

Re: A charter for the IESG

2003-03-07 Thread Joe Baptista

why don't you have an irc meeting so we can all publicly give our
comments on this.

regards
joe baptista

Joe Baptista - only at www.baptista.god

  Free Tibet http://free.tibet/

On Fri, 7 Mar 2003, Harald Tveit Alvestrand wrote:

> Hello,
>
> in December, I published an internet-draft called
> "draft-iesg-charter-00.txt", containing a proposed text for an IESG charter.
> A revised version (-01) was published in January based on comments.
>
> A version with some further clarifications is created, but not published
> before the cutoff - it's available at
> http://www.alvestrand.no/ietf/chair/iesg-charter.txt
>
> Some discussion has taken place on the POISED list
> ([EMAIL PROTECTED]), but the point has been made that for such a
> potentially important document, the IETF list may actually be a more
> appropriate venue for discussion. Hence this note.
>
> This IESG charter attempts to capture what the IESG has believed that it
> has been asked to do by the IETF community. Most of the document is simply
> collecting references to sections of other IETF BCP documents, and
> attempting to form a coherent picture of what the IESG is supposed to be
> doing. I do not believe that it shows the IESG to be much different from
> what the community currently believes it is.
>
> What I hope to do with this document is:
>
> - Discuss it on this mailing list and on the POISED mailing list as the
> community finds appropriate
>
> - Discuss it privately in San Francisco with those who are concerned, and
> in the plenary if there are questions raised from the community
>
> - Send out a revised version some time after San Francisco
>
> - Issue a four-week Last Call for BCP on the document once discussion has
> stabilized
>
> - Approve it for BCP before the Vienna IETF
>
> At the Vienna IETF, the "problem" working group is scheduled to make a
> consensus call on the process for *changing* the IETF process. While the
> shape of the result is still unknowable, I believe it's likely that among
> the outputs of such a process will be a greatly changed IESG charter.
>
> But until then, I believe there is value in publishing this document.
>
> What does the community think?
>
>  Harald Alvestrand
>
>
>
>
>




Re: Warning about the use of abusive language

2003-02-20 Thread Joe Baptista

On Thu, 20 Feb 2003, Harald Tveit Alvestrand wrote:

> Accusations of "dishonesty" and "fraud" in a technical discussion are
> normally considered "unprofessional".

Harald - I must agree with the views expressed by Dr. Bernstein.  As you
know Harald I have had the pleasure of watching the i$ociety these past 10
years and the facts clearly show many members of the same use dishonesty
and fraud as their currency of choice.

> >   2. IETF participants develop and test ideas impartially, without
> >  finding fault with the colleague proposing the idea.
> >
> >  We dispute ideas by using reasoned argument, rather than through
> >  intimidation or ad hominem attack.  Or, said in a somewhat more
> >  IETF-like way:

yes - that's one thing that's nice about the ietf.  at least when it works.

love and kisses
joe baptista

Joe Baptista - only at www.baptista.god

  .film domain registration available at http://www.register.film
 another inclusive namespace Top Level Domain






Re: axfr-clarify breaking RFC 1034

2003-02-19 Thread Joe Baptista

On 19 Feb 2003, D. J. Bernstein wrote:

> If the BIND company wants the RFC 1034 rule changed, they can propose
> that, and we'll discuss the costs and benefits. Instead they're trying
> to slip the change past us as a ``clarification.'' You know they're
> lying; why are you condoning dishonest behavior?

maybe it's because the bind company is a vixie thingy.  and we all know a
good portion of the i$ociety owe saint vixie.

regards
joe baptista





Re: FW: Please recant or appologize to Jim Flemming

2003-01-08 Thread Joe Baptista

On Wed, 8 Jan 2003, jfcm wrote:

> Are others receiving mails twice on this list?
>
> BTW I suggest you make some more home work on Jeff. As an IETF scientist.
> Assume what Jeff says is true and try to understand how that can be. The
> brain behind is  cute and consistent. He certainly enjoys the fun of the
> literature and FAQs on him ... since he actually wrote/writes parts of it
> :-).

i'm a fan.  someday i hope to meet jeff and maybe fly him down to my mars
retreat.  oops have i just said something incriminating ?

the real fools are the ones who write endless streams of devoted affection
to him.  he informed.  involved.  i've always considered him an evolved
intellectual life form - probably our first self made electronic citizen.

he certainly commands their attentions.

Cheers
Joe Baptista

--
Planet Communications & Computing Facility
a division of The dot.GOD Registry, Limited






SWAMP SPACE 192/8 thru 205/8

2003-01-08 Thread Joe Baptista

I understand swamp space is 192/8 thru 205/8.  Am I correct?  Also can
anyone provide me with a history of how these allocations got that name
??? swamp space ???

Thanks in advance.

Cheers
Joe Baptista

--
Planet Communications & Computing Facility
a division of The dot.GOD Registry, Limited







Re: FW: Please recant or appologize to Jim Flemming

2003-01-07 Thread Joe Baptista

On Wed, 8 Jan 2003, Franck Martin wrote:

>
> http://www.dnso.org/clubpublic/ga/Arc10/msg01532.html

The interesting thing about Jeff Williams is that he could be anyone.
Maybe a soviet spy who's still out in the cold.  Or a U.S. government
agent living in a missile silo somewhere in Kansas - or is that Texas.
Who knows.  To date many members of the press have quoted Jeff
extensively.  And I have yet to see any of those members of the press
correct their copy when these claims that he is a fiction are made to
them.  They check their facts - don't they?

Obviously he must be for real - the press would not lead us astray
claiming him to be an expert without verifiable proof.  Or would they?
hmmm?

The one thing I do know about Jeff Williams.  If he is a fiction - the man
is obviously a genius having imposed himself far and wide fooling even
the press showing us that reporters are fools to be had.  If he is for
real - well the press already considers him an expert in the field so
there's no contest there.

cheers
joe baptista







Re: vote now...vote often

2003-01-07 Thread Joe Baptista

is vint cerf on the list?

On Mon, 6 Jan 2003, Richard Shockey wrote:

>
> ---
> 5) Power Bracket Game: Who's the most powerful person in
> networking?
> ---
> Decide in our2003 Power Bracket Game. We've used the results
> from our annual Power CEO survey to come up with a list of 64
> possible people. Start winnowing the field with today's
> matchups: IAB Chair Leslie Daigle vs. Sprint CEO Bill Esrey and
> Fidelity CIO Don Halle vs. SAP America President Bill
> McDermott. We'll run two matchups every weekday until we get to
> the semi-final round.
>
> DocFinder: 3736
> http://www.nwfusion.com/power/2002/bracket.html
>
> -
>
>
>  >
> Richard Shockey, Senior Manager, Strategic Technology Initiatives
> NeuStar Inc.
> 46000 Center Oak Plaza  -   Sterling, VA  20166
> Voice +1 571.434.5651 Cell : +1 314.503.0640,  Fax: +1 815.333.1237
>
>





RE: namedroppers, continued

2002-12-06 Thread Joe Baptista

On Fri, 6 Dec 2002 [EMAIL PROTECTED] wrote:

> proposal of mailfrom dns record - http://www.vix.com/~vixie/mailfrom.txt or

I've had a look at vixies proposal and it's a good one.  I certainly would
welcome something like the mailfrom dns record.

regards
joe baptista




RE: naming debates

2002-12-04 Thread Joe Baptista

On Wed, 4 Dec 2002, Mark Harris wrote:

> When over a dozen people make comments of interest, regarding a topic on the
> list, would it not seem that some people are not tired of it?
>
> What is the process, within the IETF, if a group sees interest in pursuing a
> topic, while not burdening others, like yourself?

What we're dealing with here Mark is a political issue. Known
ietf/icann/doc insiders have a pressing need to limit debate on the
issues.

Indeed dns, naming and root service is very much an ietf topic of
interest.  That's why the drum banging is so loud.  It serves the special
interest on this list that such debate be limited or altogether
eliminated.

cheers
joe baptista




Re: new.net (was: Root Server DDoS Attack: What The Media Did Not Tell You)

2002-12-02 Thread Joe Baptista

On Mon, 2 Dec 2002 [EMAIL PROTECTED] wrote:

> Notice that you don't get the lower prices and cartel breaking by increasing
> the number of domains, you get it by increasing the number of registrars.

I disagree.  The current arrangement of increasing registrars looks a lot
like a multi level marketing scam.  Basically the goal is to squeeze every
penny out of the dot.com universe.  It don't wash.

Users want *.choice in their tlds.  The whole idea behind tlds is to
establish simple naming conventions which give users of domains
an internet presence.  unfortunately there's not much choice in the
existing USG root infrastructure.  Users are by their nature creative when
it comes to naming conventions and i'm sure they would have more fun in
the alt.universes than they do in the USG system.  Unfortunately the USG
is not very creative in this regard.

regards
joe





Re: new.net (was: Root Server DDoS Attack: What The Media Did Not Tell You)

2002-11-29 Thread Joe Baptista

On Fri, 29 Nov 2002, Keith Moore wrote:

> > > Well, it also matters that the set be constrained to some degree.
> > > A large flat root would not be very manageable, and caches wouldn't
> > > be very effective with large numbers of TLDs.
> >
> > That's old fiction.  If it works for .com it will work for ".".
>
> well, it's not clear that it works well for .com.  try measuring
> delay and reliability of queries for a large number of samples
> sometime, and also cache effectiveness.
>
> let's put it another way.  under the current organization if .com breaks
> the other TLDs will still work.   if we break the root, everything fails.

I just can't buy the argument.  The root won't break.  .com works fine -
so would the root.  The only issue would be vulnerability - if the roots
were under attack and the "." file was as large as the .com zone - then i
would imagine there would be a significant problem.  These same
vulnerability issues exist for the .com zone everyday.  It's a very
vulnerable namespace to attack.

That's about the only significant problem i see to a "." file being as
large as .com.

regards
joe baptista




Re: new.net (was: Root Server DDoS Attack: What The Media Did Not Tell You)

2002-11-29 Thread Joe Baptista

On Fri, 29 Nov 2002, Keith Moore wrote:

> > It doesn't matter who selects the TLDs;
> > all that matters is that there be a consistent set.
>
> Well, it also matters that the set be constrained to some degree.
> A large flat root would not be very manageable, and caches wouldn't
> be very effective with large numbers of TLDs.

That's old fiction.  If it works for .com it will work for ".".

I don't see much in the way of difficulties here.

regards
joe baptista




Re: new.net (was: Root Server DDoS Attack: What The Media Did Not Tell You)

2002-11-27 Thread Joe Baptista

On Wed, 27 Nov 2002, Dave Crocker wrote:

> if new.net were so sure of the efficacy of their approach, why do they
> (redundantly) use new.net in the ICANN/IANA root?

they want to be backwards compatible with the old legacy internet.




Re: namedroppers mismanagement, continued

2002-11-26 Thread Joe Baptista

Bernstein - I'm not surprised this is happening.  I've experimented with
your dns daemon and it is by far superior to the existing bind
implementations.  So I'm frankly not very surprised Bush doesn't like your
posts.  But I will admit the behaviour is juvenile.  But again this should
not surprise us.

But to end this on a positive note - let me make clear I admire your work.

regards
joe baptista

On 26 Nov 2002, D. J. Bernstein wrote:

> I've sent twelve messages to the namedroppers mailing list this month.
> Five of them have been silently discarded by the namedroppers censor,
> Randy Bush. (See http://cr.yp.to/djbdns/namedroppers.html for previous
> incidents.)
>
> Bush says that the only relevant feature of my messages is that they're
> sent from an address that isn't subscribed to namedroppers. Okay, boys
> and girls, let's look at some statistics:
>
>* 5/12 of my messages have been silently discarded;
>
>* according to Bush, this has nothing to do with me or the content,
>  so we estimate that about 5/12 of all non-subscriber messages have
>  been silently discarded;
>
>* in the past three months, there have been about 100 legitimate
>  messages from other people who Bush labelled as non-subscribers;
>
>* so we estimate that, in the last three months, Bush has silently
>  discarded about 71 legitimate messages from other people. That's a
>  rate of hundreds per year.
>
> Bush doesn't say ``Your message didn't go through.'' Bush doesn't say
> ``Reply to this bounce to confirm your original message.'' He simply
> throws the message away.
>
> This is supposed to be the mailing list for an open IETF working group.
> It's outrageous that valid messages are being silently discarded---even
> if the number is not as large as hundreds per year.
>
> ---D. J. Bernstein, Associate Professor, Department of Mathematics,
> Statistics, and Computer Science, University of Illinois at Chicago
>
> P.S. Out of my twelve messages, the five that were silently discarded
> are exactly the five that I would pick if I were a censor trying to bias
> the DNSEXT decisions in favor of the BIND company. Coincidence, right?
>
> P.P.S. Bush's mailing-list software doesn't cryptographically confirm
> unsubscription requests. I kept my subscription address private until
> Bush revealed it a few days ago. I'm working on obtaining a subscription
> through an address that Bush doesn't know is connected to me.
>




Re: Root Server DDoS Attack: What The Media Did Not Tell You

2002-11-25 Thread Joe Baptista

On Mon, 25 Nov 2002, Joe Touch wrote:

> > community.  A root server operator.  You even went along with postel
> > on the hi-jacking (or was that test) of the root servers.  Paul you're a
>
> How about proof of the hi-jacking? (sauce for the gander)
>
> Until then, please keep your attacks to those who are still able to defend
> themselves.

I always support my allegations.  Proof of Hi-jacking GO HERE

the email:

http://www.law.miami.edu/~froomkin/articles/icann-notes.htm#F175

the event:

http://www.law.miami.edu/~froomkin/articles/icann-body.htm#B175

Gordon Cook I understand can attest to this.  He trolls here from time to
time.  He overheard Postel's end of the conversation.  This of course is
well known internet history.

Gordon Cook also has reported on it - see his home page -
www.cookreport.com.

regards
joe baptista




Re: Root Server DDoS Attack: What The Media Did Not Tell You

2002-11-25 Thread Joe Baptista

On Mon, 25 Nov 2002, Melinda Shore wrote:

> >I ask that you refrain from this shameful conduct.
>
> Ahem.
>
> As amusing as all this isn't, operational issues really
> don't belong on the ietf mailing list.  Let me add my voice
> to the growing chorus of people who have asked you to take
> it elsewhere.

melinda - my apologies.  i've been ignoring the regular insults which are
to be expected when one challenges the establishment.  However one can not
ignore paul vixie when he comes out and calls one a dns pirate.  That
borders on slander and libel - after all mr. vixie is worshipped far and
wide.  his pebbles of wisdom are scattered on the masses infrequently.

paul and i also enjoy a very long history.  unfortunately as far as the
history is concerned for much of that time paul has been a very unhappy
camper.

now i appreciate this group.  very little silliness goes on here.  i
personally am no longer responding to the thread - unless of course some
other net god cares to make libelous statements.  i am no dns pirate - i
consider myself and am a dns pioneer.

cheers
joe baptista




Re: Root Server DDoS Attack: What The Media Did Not Tell You

2002-11-25 Thread Joe Baptista

On 23 Nov 2002, Paul Vixie wrote:

> vint, the thing you're not including in your analysis is that mr. baptista
> is a dns pirate and his article in circleid was entirely self-serving and
> politically based.

Paul baby - it's an honour to get such recognition from you.  But where's
your Proof?

Now Paul - I find it somewhat entertaining that you would crawl out of
your wintering hole and growl at me and make false accusation i can use
against you.  That's not nice Paul.  And frankly it's my opinion that such
baseless gibberish is below you.  You're a recognized leader in this
community.  A root server operator.  You even went along with postel
on the hi-jacking (or was that test) of the root servers.  Paul you're a
legend in internet history.  What you have to say carries weight here.
Yet you're so quick to anger and libel.  I ask that you refrain from this
shameful conduct.

or give me proof of your claims?

> > The issue is less the size of the file than the problem of updating many
> > copies of it reliably. The root server operators find it a challenge to
> > assure that even the modestly sized root zone file is correctly distributed
> > to all root servers accurately and in a timely fashion.
>
> that's our issue.  mr. baptista's issue is that he wants everyone on the net
> to have their own unique root, each with a set of tld's seasoned to local
> tastes, ideally with many of them pointing at tld's he controls.  this is no
> different in its end result from what new.net wants, it's just a different
> method of achieving it.

I'll tell you what mr. baptista wants.  he wants a zone file that
is similar to the .com file.  A place where everyone can get their own
tld.  The roots are irrelevant to the issue - they are simply a false
monopoly obstacle in a game where the end user is in charge.  The current
USG root monopoly is built on ignorance and mr. baptista wants to see that
ignorance evaporate.

> the thing that surprised me was that circleid actually published his article,
> including URL at the end (http://www.dot-god.com/resources/ROOT.html) which
> points to mr. baptista's activism/piracy site.  i had not thought of circleid
> as a tabloid until yesterday.

Paul - there's no other place to put it.  You'll notice in my other
articles published at circleid that i use lists.

example:

http://www.circleid.com/articles/2539.asp

in this case i linked to an ipv6 list of isp's as the story was on ipv6.

it's important that my readers have references to investigate.  something
i don't find in many articles these days.

but i do appreciate your concern.  i'll suggest to my editor that any
lists i use he feel free to duplicate on circleid.  now paul i can't make
any promises.  means more work - but at least your feedback will be
heard.

> (what's worse, i think that we are both now guilty of feeding the trolls.)

well if i'm a troll then you've been a tasty nibble.

but paul - let's try to get along here.  the ietf list is one of the few
lists i'm on which is civilized.  let's try to work towards that together.

kindest regards
joe baptista




Re: Root Server DDoS Attack: What The Media Did Not Tell You

2002-11-24 Thread Joe Baptista

let's put this back in public.  You've made a very good point.

On Mon, 25 Nov 2002, Måns Nilsson wrote:

> So why are you using a real domain name for email? Try eating your own dog
> food and don't bother the rest of us. We have a working Internet to run.

Backward compatibility.  It's as simple as that.  Now if the ietf is willing
to resolve .god on their mailservers I would be pleased to start posting
with [EMAIL PROTECTED]  We could call it a test of some sort.  Should
we vote on that.  I'm all for it.

regards
joe baptista






Re: Root Server DDoS Attack: What The Media Did Not Tell You

2002-11-24 Thread Joe Baptista

On Sun, 24 Nov 2002 [EMAIL PROTECTED] wrote:

> On Sun, 24 Nov 2002 10:56:51 EST, Joe Baptista said:
> > No - and I can confirm that none exists or at least i have not seen any in
> > the public arena.
>
> So there's *NO* public data to back it up that you know of..  They claim to
> have several times more customers/users/whatever than even AOL, and *there is
> no data* to back that up?

I accept their claim.  Much like I accept most data I get on the net -
including my own.  Basically I feel most data - including public - can be
challenged.  Postel once described the net as a very big space.  And i
feel the "space" is very hard to quantify.  I've seen many attempts and
i'm not that confident of their accuracy - at best the methodologies
employed show trends.

If I had time i'd investigate the claim myself.  But if you go to their
web page you will see the isp's who they pay to carry their part of the
namespace universe - which see www.new.net.  There are some big names
there and i'm sure a poll of those companies on their user bases can
validate or invalidate new.net's claims.

> The truly interesting question would be: How much of their traffic is
> "value-added", and not just acting as a caching name server for the current
> root?  If they have 150M users, but only 379 of them use it as anything other
> than a cache for the existing root, they're no more interesting than any
> of the other alt.roots that you label "peanuts".

Exactly.  I'm in 100% agreement overall here.  The .god and .satan top
level domain registries have over 8,000 domains registered this past year.
And most of them are parked.  They have been paid for but only a few
hundred resolve.  And this considering we have over 1000 users and a
majority of domains are registered to two bulk users.

And much of the same applies to most of the domains in the alt.root
universes.  a lot of domains at namespace seem to be attached to something
- usually a web site - but most of those are web spaces set up by
namespace or namespace friends.

> But I doubt we'll get any hard data of *that* detail when they haven't even
> quantified how many users they have.

Well the one thing that really bothers me about new.net is that they don't
do more.  OK - so let's say their 156 M figure is bullshit.  I can live with
that.  But still whatever figure it is - I still think it's significant.
Even if they just have a 10% market share - it's still significant.

But the users of these ISP's are mainly ignorant of the fact that these
additional namespace options exist.  I find it surprising they have not
effectively marketed themselves through their existing user population.
Maybe i'm missing something here.  156 M people could easily start a
trend.

> > But I would not discount new.net's claims.  I'm sure they can support
> > their claims.  At the very least they do have market share in root server
> > operations irrespective of the means used to calculate it.
>
> No data, but they want you to believe them anyhow.
>
> It's called "Snake Oil", Joe

it's all snake oil Valdis.  I see no difference between the ICANN or
new.net snake oil.  it's simply a snake oil of a different colour.

regards
joe baptista




Re: Root Server DDoS Attack: What The Media Did Not Tell You

2002-11-24 Thread Joe Baptista

On Sun, 24 Nov 2002, Vernon Schryver wrote:

> > From: [EMAIL PROTECTED]
>
> > ...
> > The truly interesting question would be: How much of their traffic is
> > "value-added", and not just acting as a caching name server for the current
> > root?  If they have 150M users, but only 379 of them use it as
> > anything other
> > than a cache for the existing root, they're no more interesting than any
> > of the other alt.roots that you label "peanuts".
> > ...
>
> It seems likely for several reasons that spammers would be among the
> organizations most likely to buy names from the other roots if they were

oh no spam.  no one was talking about spam.  we're just talking about root.
you're the first to mention spam and you're right no one would buy domains in
the alt universe for smtp service.  http for sure is used today.  the
alternative roots have spam free domains on the internet.

but then how many spammers use fictitious domain names in the USG
internet.  A lot!

And I take exception to you claiming these roots are fictitious.  They are
the future of root service.

regards
joe baptista




Re: Root Server DDoS Attack: What The Media Did Not Tell You

2002-11-24 Thread Joe Baptista

On Sun, 24 Nov 2002, Pekka Savola wrote:

> I don't think any source related to new.net regarding this can be treated
> as reliable.
>
> Do you have independent estimates or some rough data?

No - and I can confirm that none exists or at least i have not seen any in
the public arena.

But I would not discount new.net's claims.  I'm sure they can support
their claims.  At the very least they do have market share in root server
operations irrespective of the means used to calculate it.

I've cc'ed new.net on this - let's see if they respond.

regards
joe baptista




Re: Root Server DDoS Attack: What The Media Did Not Tell You

2002-11-24 Thread Joe Baptista

On Sat, 23 Nov 2002, vinton g. cerf wrote:

> joe, this makes no sense to me - the cacheing mechanisms are essentially
> doing what you suggest. That's one of the reasons the system is resilient.

I agree and beautifully so.  I take my hat off to the crew which put the
dns together in the first place.  A good example is discussed from time to
time on the [EMAIL PROTECTED] mailing lists.  As you may know ICANN has refused
to update some cctld records - but those cctlds continue to resolve.  So
yes I agree it is very resilient.

> But you need to invalidate the cache to deal with changes to the binding
> of domain name and IP address. Simply mirroring everything doesn't improve
> things, in my estimation. In fact, trying to mirror everything everywhere
> has a massive update problem. Cacheing spreads the update process over time.

But does it matter.  We both agree it's a resilient system.  Eventually
the updates are done.  I don't see an issue here.  Like I said before the
USG root file has carried incorrect information on cctlds and the system
still resolved.

> The USG doesn't actually run the root server (although some of the root
> servers are in fact housed at USG supported laboratories). The Dept of
> Commerce in effect delegates the actual operation to the root server operators.

Well who owns this monopoly.  Whoever has control of the roots has control
of the 70% USG monopoly.

> The issue is less the size of the file than the problem of updating many
> copies of it reliably. The root server operators find it a challenge to
> assure that even the modestly sized root zone file is correctly distributed
> to all root servers accurately and in a timely fashion.

well .. maybe the root committee or the security committee could
investigate sponsoring root servers systems worldwide and work on solving
the update issue and the ietf i'm sure can help.  After all the icann
through GAC is an international organization - or at least wants to be.
Your mission should be to reduce international dependence on a US centric
root system.

I feel the single root approach that stuart lynn advocated and established
as icann policy is a bit lame for today's high speed web servers.

Of course I always appreciate your views on this.

regards
joe baptista

>
> At 09:10 AM 11/23/2002 -0500, Joe Baptista wrote:
> >To survive a sustained DDOS attack against the roots, the best solution
> >an ISP has is to run its own system and eliminate any dependence on the US
> >government for basic internet services. It would also be prudent for other
> >primary namespaces like .com. Unfortunately, though, it would require a
> >considerable amount of resources -- the .com zone file alone is well over
> >a gigabyte in size. But the root file is very manageable and can easily
> >be run on an ISP's local domain name servers.
>
> Vint Cerf
> SVP Architecture & Technology
> WorldCom
> 22001 Loudoun County Parkway, F2-4115
> Ashburn, VA 20147
> 703 886 1690 (v806 1690)
> 703 886 0047 fax
>




Re: Root Server DDoS Attack: What The Media Did Not Tell You

2002-11-24 Thread Joe Baptista

On Sat, 23 Nov 2002, vinton g. cerf wrote:

> Louis Touton is Vice President and General Counsel of ICANN.

Sorry about that.  Must be a cut and paste typo I missed.  I'll have it
fixed.

> ICANN has had a root server advisory committee from early days, working
> on root server placement to improve resilience; the security and
> stability advisory committee was created in the wake of 9/11 and
> has increased the priority of root server security evaluation.

I know.  It's a very patriotic committee - but what exactly has it done
concerning root security.  I'd like to examine the documents the committee
presented in shanghai - but i can't find it on the web site.

Basically I'm interested to know if they addressed these recent attacks.
Like everyone else I heard the rumour -

"Informed sources at ICANN expect that the committee will initially
recommend that ISPs take steps to prevent packets with forged IP addresses
from  being used in DDOS attacks."

But I've seen nothing so far.

regards
joe baptista

>
> At 09:10 AM 11/23/2002 -0500, Joe Baptista wrote:
> >The attack, however, should come as no surprise to ICANN (Internet
> >Corporation for Assigned Names and Numbers), the Department of Commerce
> >contractor responsible for root security. Over the years, ICANN has been
> >warned that the existing root infrastructure was vulnerable to attack, but
> >the warnings have been largely ignored. Now, however, ICANN President
> >Louis Touton insists that the attacks "make it important to have increased
> >focus on the need for security and stability of the Internet." ICANN's
> >Security and Stability Advisory Committee quickly moved in to investigate
> >the incident. The committee is expected to produce a report on securing
> >the edge of the USG Domain Name System network.
>
> Vint Cerf
> SVP Architecture & Technology
> WorldCom
> 22001 Loudoun County Parkway, F2-4115
> Ashburn, VA 20147
> 703 886 1690 (v806 1690)
> 703 886 0047 fax
>




Re: Root Server DDoS Attack: What The Media Did Not Tell You

2002-11-24 Thread Joe Baptista

On Sat, 23 Nov 2002, vinton g. cerf wrote:

> where are these statistics from - I cannot believe that more than a few
> percent of the net uses non-USG root.

It's much more than that Vint.  The last poll I conducted on the dns
showed at least 5%.  But that was a few years ago.  The 30% comes from
various discussions we had concerning new.net.  At the time the internet
had about 300 million users - estimated by various sources and new.net
claimed some 80 million users.  The bulk of the argument was held on the
opensrs discussion lists hosted by tucows.

So I have no doubt the estimate of 30% is now very conservative
considering new.net now claims over 156 million users - but i don't know
the user stats for current user population.  However I suspect their
market share has grown significantly since the 30% estimates.

So there you have it - new.net is your competition by market share.  the
other alt.roots are peanuts in comparison.  Now mind you new.net has
purchased the right to be the navigator of record for those 156 million
users.  Unlike the USG root system which does not buy the public's
affections.

regards
joe baptista

>
> Vint
>
> At 09:10 AM 11/23/2002 -0500, Joe Baptista wrote:
> >The root servers struck by the attack assist computers in translating
> >Internet domain names, such as www.circleid.com, to numeric equivalents
> >used by computers. These servers provide the primary roadmap for 70% of
> >all Internet communications. The remaining 30% of the net now uses
> >competing root service providers who bypass the USG root system. They were
> >not under attack.
>
> Vint Cerf
> SVP Architecture & Technology
> WorldCom
> 22001 Loudoun County Parkway, F2-4115
> Ashburn, VA 20147
> 703 886 1690 (v806 1690)
> 703 886 0047 fax
>




Re: Root Server DDoS Attack: What The Media Did Not Tell You

2002-11-23 Thread Joe Baptista

On Sat, 23 Nov 2002, Rick Wesson wrote:

> see http://www.icann.org/committees/security/ for a list of the documents
> the group has produced and presented to date.

there's not much there.  it's lacking any response to the ddos incident.

regards
joe baptista




Root Server DDoS Attack: What The Media Did Not Tell You

2002-11-23 Thread Joe Baptista

It's time to consider multiple root servers and an education campaign to
give name server operators some options.

The .com name servers are the most vulnerable.  The USG root is not as
vulnerable.

Original story indexed at:

URL: http://www.circleid.com/articles/2553.asp

DDoS Attack: What The Media Did Not Tell You
November 20, 2002  |  By Joe Baptista

On Monday, October 21, a "distributed denial of service" (DDOS) attack
struck 9 out of the 13 root servers operated by a number of contractors on
behalf of the United States Department of Commerce (USG). The next day,
the Washington Post reported, "The heart of the Internet sustained its
largest and most sophisticated attack ever."

This claim was only partially true. The classic hacker attack was indeed
the largest ever witnessed in 20 years of root history -- in fact, it was
the first attack against the roots.

But claims that the attack was "sophisticated" were bogus. Most network
operators were of the opinion that the attack showed a serious ignorance
of the domain name system (DNS) and general network operations. A great
deal more damage could have been done if the individuals responsible had
targeted the DNS directly. At worst the attack was a test or probe for a
potential future attack.

The root servers struck by the attack assist computers in translating
Internet domain names, such as www.circleid.com, to numeric equivalents
used by computers. These servers provide the primary roadmap for 70% of
all Internet communications. The remaining 30% of the net now uses
competing root service providers who bypass the USG root system. They were
not under attack.

According to statements by U.S. Federal Bureau of Investigation (FBI)
director Robert Mueller, the incident lasted about an hour and originated
from computers in the United States and Korea. Most often, computers used
in the DDOS assaults are commandeered by hackers either manually or
remotely with the help of automated software tools that scan millions of
computers for known security holes. These computers often belong to
unsuspecting home users. An FBI spokesperson confirmed that the incident
was still under investigation.

Fortunately, despite its size, the attack had no impact on the Internet,
and no users or computers were affected. The USG root server system
contains only 258 top-level domains, of which 243 are ccTLDs (country code
top-level domains) and the rest are generic top-level domains (gTLDs) like
.com, .org and .net. In comparison to many Internet root server systems,
the USG is the smallest. As a result of its limited size, most of the
information contained in that root is cached by Internet Service
Providers (ISPs) and refreshed every 48 hours. Under those circumstances,
Internet users would not have noticed the one-hour attack even if all 13
roots had been successfully blocked the entire time. There simply was not
enough time for the cache records at ISPs to expire long enough for anyone
to notice.

Petri Helenius was one of the first people to witness and report the
attack in progress. He notified the networking community that the DDOS
attack was not "causing any serious operational problems" but was slowing
things down. Helenius is a telecommunications expert whose company
developed the ROMmon (Robust Online Metric MONitoring) system that alerted
Mr. Helenius to the intrusion. Helenius notified the North American
Network Operators' Group (NANOG) by email at 21:29 UTC. "I remember
spending some time before sending off the email," said Helenius. "And,
trying to figure out specifics and failing to get further, I sent the
email."

The alarms went off at ROMmon at 20:46 (UTC) and the threshold for
escalation was crossed at 20:49. The situation dropped "below radar" at
22:01. Helenius pointed out, "the timestamp is a little later than the
fact (attack) due to the averaging of the system that (ROMmon) does before
it's happy."

Paul Vixie, a root operator, confirmed to NANOG that the DDOS attack was
an Internet Control Message Protocol (ICMP) request. ICMP messages are
used in the processing of datagrams through which Internet systems
communicate. This was the first clue to network operators that the people
behind the attack had no clue as to how to effectively take out the roots.
If the attackers had focused their computer power on generating bogus
queries to port 53, used by roots to provide domain name service, the
attack might have been successful -- provided that it was sustained for
more than one hour. Vixie successfully blocked the DDOS traffic he was
getting with the assistance of his backbone providers. Other operators,
however, were not as successful in defending their systems against the
attack.

If the attackers had instead targeted the much larger databases used by
the .com servers, users would have noticed the incident and it could have
gotten ugly. The .com domain servers o
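
The caching argument in the article above, worked through as a small simulation. This is an added example, not part of the original post: the 48-hour refresh and the 258 TLDs are the article's figures, while the one-lookup-per-minute rate, the evenly staggered expiry times and the six-hour warm-up are assumptions made for the model.

```python
from dataclasses import dataclass

TTL = 48 * 3600        # article: ISP caches are "refreshed every 48 hours"
TLD_COUNT = 258        # article: top-level domains in the root zone
STEP = 60              # assumption: each TLD is looked up once a minute
WARMUP = 6 * 3600      # assumption: normal operation before the outage begins


@dataclass
class OutageReport:
    affected_tlds: int     # TLDs whose cached delegation expired during the outage
    failed_queries: int    # lookups that needed a root server and could not reach one
    total_queries: int     # all lookups issued while the roots were unreachable

    @property
    def failure_rate(self) -> float:
        return self.failed_queries / self.total_queries


def simulate_root_outage(outage_seconds: int, ttl: int = TTL,
                         tld_count: int = TLD_COUNT, step: int = STEP,
                         warmup: int = WARMUP) -> OutageReport:
    """Replay a caching resolver through an outage of every root server."""
    outage_start, outage_end = warmup, warmup + outage_seconds
    # Steady state: cached delegations expire at evenly staggered moments
    # across one TTL window (assumption; real caches are burstier).
    expires_at = [(i * ttl) // tld_count for i in range(tld_count)]
    affected = set()
    failed = total = 0

    for now in range(0, outage_end, step):
        roots_reachable = now < outage_start
        for tld in range(tld_count):
            if not roots_reachable:
                total += 1
            if now < expires_at[tld]:
                continue                      # answered from cache, no root needed
            if roots_reachable:
                expires_at[tld] = now + ttl   # refetch the delegation from a root
            else:
                failed += 1                   # expired and no root to ask
                affected.add(tld)
    return OutageReport(len(affected), failed, total)


if __name__ == "__main__":
    for label, seconds in (("1 hour", 3600), ("48 hours", 48 * 3600)):
        r = simulate_root_outage(seconds)
        print(f"{label:>8}: {r.affected_tlds}/{TLD_COUNT} TLDs affected, "
              f"{r.failure_rate:.2%} of lookups failed")
```

The model weights every TLD equally, so it counts expired delegations rather than affected users; a resolver that loses its cached .com delegation would feel the outage far more than one that loses a small ccTLD.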

Re: rogue IPv6 router

2002-11-19 Thread Joe Baptista
what problems is it causing?

Cheers
Joe Baptista

--
Planet Communications & Computing Facility
a division of The dot.GOD Registry, Limited

On Wed, 20 Nov 2002, Jun-ichiro itojun Hagino wrote:

>   it seems that there's Windows XP laptop acting as rogue router
>   serving bogus 6to4 prefix (generated from IPv4 linklocal address).
>
>   please stop it, thanks.
>
> itojun
>




IS THERE A CONTACT LIST OF ROOT SERVER OPERATORS - was Re: anyone remember when the root servers were hi-jacked? (fwd)

2002-11-03 Thread Joe Baptista

Does anyone know of such a list?

Cheers
Joe Baptista

--
Planet Communications & Computing Facility
a division of The dot.GOD Registry, Limited

On Sun, 3 Nov 2002, Daniel Pelstring wrote:

> Since NSI has gone rogue and, many would argue that ICANN has too, I wish he
> was around to run another "test".  Is anybody able to do this again?
>
> -Daniel Pelstring
>
> - Original Message -
> From: "Dave Crocker" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; "Michael Froomkin - U.Miami School of Law"
> <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, October 31, 2002 10:25 PM
> Subject: Re: anyone remember when the root servers were hi-jacked? (fwd)
>
>
> > Michael,
> >
> >
> > Thursday, October 31, 2002, 6:28:08 PM, you wrote:
> > Michael> http://www.law.miami.edu/~froomkin/articles/icann-body.htm#B170
> > Michael> tells the story as best I could reconstruct it.  There are footnotes to
> > Michael> the documents I could find.
> >
> > Notice that Professor Froomkin's "To his detractors" text does not
> > attempt any balance by offering any other explanation.
> >
> > As even Prof. Froomkin notes, things were fragile back then. That
> > included concern over the possibility that NSI would go rogue. NSI
> > controlled the master root. The one that all others took their data
> > from. Jon needed to test the ability to switch to a different master
> > DNS root, to make sure that there were ways to "route around" this
> > concern over NSI.
> >
> > That's all the test was.  Jon was clear about the need for this, weeks
> > before the test.  All anyone needed to do was ask him, rather than
> > engage in unfounded, inflammatory speculation.
> >
> > The other point that folks keep forgetting is that Jon had been
> > issuing operation directives for the root servers since the inception
> > of the DNS.  How can one "take over" something that one has been
> > responsible for over its entire existence?
> >
> > All of the storm and fury has been from people who have had nothing to
> > do with the running of the DNS, but instead have focused strictly on
> > the politics of it. (In fact, it was quite interesting to see that a
> > year of federal inter-agency task force meetings -- including
> > Magaziner's participation -- took place with most participants having
> > almost no understanding of DNS technical basics. We had to arrange a
> > tutorial for them.)
> >
> > d/
> > --
> >  Dave Crocker  <mailto:dave@;tribalwise.com>
> >  TribalWise <http://www.tribalwise.com>
> >  t +1.408.246.8253; f +1.408.850.1850
> >
> >
>




Re: anyone remember when the root servers were hi-jacked? (fwd)

2002-11-03 Thread Joe Baptista
That's a very good question.

Cheers
Joe Baptista

--
Planet Communications & Computing Facility
a division of The dot.GOD Registry, Limited

On Sun, 3 Nov 2002, Daniel Pelstring wrote:

> Since NSI has gone rogue and, many would argue that ICANN has too, I wish he
> was around to run another "test".  Is anybody able to do this again?
>
> -Daniel Pelstring
>
> - Original Message -
> From: "Dave Crocker" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; "Michael Froomkin - U.Miami School of Law"
> <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, October 31, 2002 10:25 PM
> Subject: Re: anyone remember when the root servers were hi-jacked? (fwd)
>
>
> > Michael,
> >
> >
> > Thursday, October 31, 2002, 6:28:08 PM, you wrote:
> > Michael> http://www.law.miami.edu/~froomkin/articles/icann-body.htm#B170
> > Michael> tells the story as best I could reconstruct it.  There are footnotes to
> > Michael> the documents I could find.
> >
> > Notice that Professor Froomkin's "To his detractors" text does not
> > attempt any balance by offering any other explanation.
> >
> > As even Prof. Froomkin notes, things were fragile back then. That
> > included concern over the possibility that NSI would go rogue. NSI
> > controlled the master root. The one that all others took their data
> > from. Jon needed to test the ability to switch to a different master
> > DNS root, to make sure that there were ways to "route around" this
> > concern over NSI.
> >
> > That's all the test was.  Jon was clear about the need for this, weeks
> > before the test.  All anyone needed to do was ask him, rather than
> > engage in unfounded, inflammatory speculation.
> >
> > The other point that folks keep forgetting is that Jon had been
> > issuing operation directives for the root servers since the inception
> > of the DNS.  How can one "take over" something that one has been
> > responsible for over its entire existence?
> >
> > All of the storm and fury has been from people who have had nothing to
> > do with the running of the DNS, but instead have focused strictly on
> > the politics of it. (In fact, it was quite interesting to see that a
> > year of federal inter-agency task force meetings -- including
> > Magaziner's participation -- took place with most participants having
> > almost no understanding of DNS technical basics. We had to arrange a
> > tutorial for them.)
> >
> > d/
> > --
> >  Dave Crocker  <mailto:dave@;tribalwise.com>
> >  TribalWise <http://www.tribalwise.com>
> >  t +1.408.246.8253; f +1.408.850.1850
> >
> >
>




FC: FDA permits use of implantable ID chips in humans (fwd)

2002-10-23 Thread Joe Baptista

inventory time - will those chips be ipv6 enabled?

-- Forwarded message --
Date: Wed, 23 Oct 2002 10:25:11 -0400
From: Declan McCullagh <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: FC: FDA permits use of implantable ID chips in humans

[There are two obvious questions: Should federal bureaucrats forcibly
prevent a company from selling implantable chips of this sort? And would it
be desirable for society to adopt these chips? I think the answer to the
first is "no," and the answer to the second is also "no." I would not stop
by government force or intervention people from using such implants, but it
is reasonable to be concerned about what might happen with widescale
adoption and speak out against it. Previous Politech message:
http://www.politechbot.com/p-03135.html  --Declan]

---

Date: Wed, 23 Oct 2002 10:10:45 -0400
From: Bob <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: ID Chip's Controversial Approval
References: <[EMAIL PROTECTED]>
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

I find this very disturbing.  Another example of how difficult it is to
deal with the exponential effects of technology on our linear political
sensibilities.

Bob Adams
http://www.globaldevelopment.org


The full story can be found at
http://www.wired.com/news/politics/0,1283,55952,00.html


Wired magazine
02:00 AM Oct. 23, 2002 PDT

A surprise decision by the Food and Drug Administration permits the use of
implantable ID chips in humans, despite an FDA investigator's recent public
reservations about the devices.

The FDA sent chip manufacturer Applied Digital Solutions a letter stating
that the agency would not regulate the VeriChip if it
was used for "security, financial and personal identification or safety
applications," ADS said Tuesday.

But the FDA has not determined whether the controversial chip can be used
for medical purposes, including linking to medical
databases, the company added...




-
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-
Like Politech? Make a donation here: http://www.politechbot.com/donate/
Recent CNET News.com articles: http://news.search.com/search?q=declan
-




RE: WP: Attack On Internet Called Largest Ever

2002-10-23 Thread Joe Baptista

These are all good questions i'm looking forward to see answered.  The
attack was amateurish and a clear indication the attackers had no idea how
to aggravate dns vulnerabilities.  They could have done better with the
resources at their disposal.

On Wed, 23 Oct 2002, Greg Pendergrass wrote:

>
> It's universally agreed that the articles have mostly been blown out of
> proportion and dramatized, but that doesn't mean that attacks against the
> root servers can't be successful. Future attacks will be stronger and more
> organized. So how do we protect the root servers from future attack?
>
> There has been a lot about what did not happen yesterday, but how about some
> details about what did happen? Was it a ping flood, syn-flood, smurf, or
> some combination of types? Were the zombie machines windows, linux, or both?
> Some of the root servers were affected more than others, why? Was it that
> there was more ddos traffic directed at them, or that they had less hardware
> and network resources?

They didn't have St. Paul of Vixie and his vixens to save the day.

regards
joe baptista




Re: Security Paradox

2002-10-14 Thread Joe Baptista


On Mon, 14 Oct 2002 [EMAIL PROTECTED] wrote:

> On Tue, 15 Oct 2002 11:06:09 +1000, Benny Nasution <[EMAIL PROTECTED]>  said:
> > Security always needs to be increased to reduce threats and risks, but
> > these threats and risks are the ultimate source of information about
> > the quality of its ability. Therefore the better the security is
> > developed the less information you will get about how to improve it.
>
> Proper auditing and instrumentation will tell you what's being *attempted*.
>
> Also, note that security is a *process*, and involves making trade-offs.
> For instance, my network has well over 30K hosts on it.  Even if I manage to
> make 99% of them totally hack-proof, I need to expect an average of 1 host
> to be hacked *every day*.  Yes, I could probably harden it so 99.9% were

You know something.  In an earlier message someone mentioned the title
"security expert".  I think considering what we know of security on the
internet that the term "security expert" is an oxymoron.  Security experts
are essentially crisis managers.  And every firm should have one.

regards
joe baptista




Re: IPv6 and child pornographers

2002-10-14 Thread Joe Baptista


On Mon, 14 Oct 2002 [EMAIL PROTECTED] wrote:

> On Mon, 14 Oct 2002 12:32:23 EDT, Joe Baptista said:
>
> > You mentioned two security protocols above - well they have proven to be
> > vulnerable.
> >
> > http://search.cert.org/query.html?col=allcert&col=certadv&col=incnotes&col=research&col=secimp&col=techtips&col=trandedu&col=vulnotes&ht=0&qp=&qt=KDC&qs=&qc=&pw=100%25&ws=1&la=en&qm=0&st=1&nh=25&lk=1&rf=2&rq=0&si=1
> > http://search.cert.org/query.html?rq=0&ht=0&qp=&qs=&qc=&pw=100%25&ws=1&la=&qm=0&st=1&nh=25&lk=1&rf=2&oq=&rq=0&si=1&col=allcert&col=trandedu&col=vulnotes&col=techtips&col=research&col=certadv&col=incnotes&col=secimp&qt=kerberos
>
> And your point is?

there is no protocol ever developed that can not be compromised.  and if
one exists please let me know.

> > That's exactly my point.  I have yet to see anything that can't be
> > compromised.
>
> I am afraid that if you're waiting for "can't be compromised", you are in
> for a VERY long wait.  Serious security professionals know that anything CAN
> be compromised - the requirement is that it be merely secure enough to deter
> an attacker.  For instance, a GSA Class 5 cabinet or vault is rated to

exactly.  anything can be compromised.  like i said it in the article -
security is more an act of faith.  the best we can do is hope for the best
and be positive.

> He means that v4 versus v6 won't matter a hill of beans to Carnivore,
> what will matter to its data gathering is whether IPSec or other suitable
> crypto is used *on top of* the v4/v6 connection.

ok i agree with that.

> OK.  I'll grant you that.  However, I suggest you look at the amount of
> resources needed to actually brute-force decrypt an IPSec connection
> when using the recommended algorithms and key lengths - and then ask yourself
> whether your threat model includes that scale attack (hint - 3DES isn't twice
> as hard to break as single-DES, it's 2^56 or 72,057,594,037,927,936 times
> harder.  Now, if the EFF DES-breaker cost $250K, you'll need that many of
> them - which is well over the US GNP.  Which three-letter-agency wants to
> spend that much on you, and if it's THAT important, why won't they just
> engage in what Marcus Ranum calls "rubber hose cryptography"?

I don't think we have any dispute here.  I don't have the budget to do it
- but others on this pretty blue planet do.

and thanks for the reading recommendation.

regards
joe baptista





Re: IPv6 and child pornographers

2002-10-14 Thread Joe Baptista


see below for reply.

On Mon, 14 Oct 2002, Stephen Kent wrote:

> DARPA planners unfortunately were short sighted and did not
> anticipate the technology would become an international standard for
> communications. The community of users and networks connected to DARPA
> were small and trusted so security concerns were a low priority. The
> end result was the deployment of insecure protocols that have kept
> many security experts gainfully employed. Even secure protocols are
> hacked. Today there are millions of compromised computer systems busy
> trying to hack other computers. And many of those busy hacking
> computers may no longer be under the control of the original script
> kiddy hacker who launched them. In fact I suspect many such computers
> are operating independently of a human operator.
>
> As one of the fortunate folks who participated in the ARPANET and the
> beginning of the Internet, I can attest to the accuracy of the first
> sentence. Unfortunately, most of the rest of the paragraph, and the
> rest of your message, is incorrect.
>
> The first crypto-based security protocols for packet nets (and
> devices that implemented them) were developed in the mid-70s, here at
> BBN, and deployed in the ARPANET. In the later half of the 70s we
> also developed the first IP-based end-to-end crypto protocols and
> devices, using KDC-style technology well before the development of
> Kerberos at MIT under project Athena. So, it is inaccurate to suggest
> that the DoD did not pay attention to security concerns in the
> development of IP.

Steve you took a tangent into outer space here.  Time to bring you down to
earth.  I do not dispute end to end crypto protocols were developed at
various stages in the game.  Unfortunately I have yet to see anything that
actually works and stands the test of time.

You mentioned two security protocols above - well they have proven to be
vulnerable.

http://search.cert.org/query.html?col=allcert&col=certadv&col=incnotes&col=research&col=secimp&col=techtips&col=trandedu&col=vulnotes&ht=0&qp=&qt=KDC&qs=&qc=&pw=100%25&ws=1&la=en&qm=0&st=1&nh=25&lk=1&rf=2&rq=0&si=1
http://search.cert.org/query.html?rq=0&ht=0&qp=&qs=&qc=&pw=100%25&ws=1&la=&qm=0&st=1&nh=25&lk=1&rf=2&oq=&rq=0&si=1&col=allcert&col=trandedu&col=vulnotes&col=techtips&col=research&col=certadv&col=incnotes&col=secimp&qt=kerberos

> The primary security mechanisms that are part of IPv6, are the same
> ones that are available for IPv4 today, namely IPsec. So it would
> also be inaccurate to suggest that IPv6 offers significant new
> security options relative to v4. Although one can argue that the
> address space capabilities of v6 offer the potential for increased
> privacy relative to v4, even this may not be true in practice, as
> there are many ways by which privacy is likely to be compromised by
> higher layer protocols.

That's exactly my point.  I have yet to see anything that can't be
compromised.

> Depending on the type of traffic that Carnivore is being used to
> intercept, I doubt that the transition to v6 from v4 will be a
> concern, absent use of IPsec or S/MIME or SSL/TLS.

I'm not sure what you mean here.

> IPsec does not make IP "less prone to man in the middle interception
> ..." It makes v4 and v6 immune to such interception. IPv6 will NOT do

IPsec does not make any system immune from man in the middle interception.
Maybe the transmitted data is immune from your average joe in the middle
but not from those who can and have the resources to decrypt these
transmissions.  That is after all what intel (intelligence communities) do
as a standard part of their business.  Granted IPsec makes it more costly
to view the stream - but not impossible.  There is no such thing as an
immune protocol.

> this automatically. It still requires user/admin configuration and
> key management, which has often proved to be an impediment, largely
> because of poor management designs/interfaces.

Yes and that is always a problem.  User interfaces are not terribly
friendly.

> I could go on to identify many more errors in the statements you made
> re various security matters. As the military would say, your message
> is a "target rich environment."  But, I think the ones noted above
> suggest that you don't really understand the nature of security in
> the Internet.

go ahead - consider it a learning challenge.  and feel free to do so
privately.

cheers
joe baptista




IPv6 and child pornographers

2002-10-10 Thread Joe Baptista


The subject line says it all - IPv6 is a great protocol for free speech
and other sorted activities.

-- Forwarded message --

   http://www.circleid.com/articles/2543.asp

   IPv6: In Search Of Internet Security
   October 9, 2002 By Joe Baptista

   My recent articles on IPv6 published this past September 12 and
   25 have left many users with the impression that IPv6 (Internet
   Protocol version 6) is secure. This is a false assumption. Internet
   security is more an act of faith in a complex science draped in a
   religious mystery - in other words non-existent. In my opinion,
   Internet security has never existed. Any protocol can be violated.
   IPv6 has the power to make users' communication more secure during
   transmission. It also can be a security nightmare. So be warned, users
   of IPv6 - it will bypass your firewall settings but it will give your
   users enhanced privacy. But the experts are working on it.

   To understand Internet security it's always a good idea to go back in
   history. The Internet was a military sponsored communication project
   developed under DARPA (The Defense Advanced Research Projects Agency).
   The idea at the time was to distribute computer resources by
   decentralizing control and increasing redundancy on United States
   military and government networks. The goal was to prevent a first
   strike from taking out computational and communication facilities
   essential to operations. If the red menace (Soviet Union) bombed a
   computer facility in Kansas the network would route around the damage
   and survive.

   DARPA planners unfortunately were short sighted and did not
   anticipate the technology would become an international standard for
   communications. The community of users and networks connected to DARPA
   were small and trusted so security concerns were a low priority. The
   end result was the deployment of insecure protocols that have kept
   many security experts gainfully employed. Even secure protocols are
   hacked. Today there are millions of compromised computer systems busy
   trying to hack other computers. And many of those busy hacking
   computers may no longer be under the control of the original script
   kiddy hacker who launched them. In fact I suspect many such computers
   are operating independently of a human operator.

   IPv6 does fix a lot of the privacy issues and has some added security
   features that make it a better transport. Keith Moore, a researcher
   with the computer science department at the University of Tennessee,
   points out that "security is not an IPv6 issue any more than it is an
   IPv4 issue - probably slightly less." Moore, a former applications
   area director to the Internet Engineering Steering Group, points out
   that users of IPv6 will have an added advantage over IPv4. IPv6
   transports traffic using the IPsec security protocol.

   IPv4 connections move traffic around in the clear (plain text). It is
   up to the user to ensure traffic is encrypted. Sniffer programs at
   various Internet exchange points can easily intercept most user web
   and email traffic. Cable users sometimes install sniffer programs to
   monitor and record IPv4 transmissions. In most cases they don't have
   the means to decrypt security protocols and they do it mostly for the
   fun and entertainment value. So don't panic, your credit card is still
   confidential provided you used it over a secure web session. However
   don't expect to send your credit card data to Uncle Steve via email.
   If you have however emailed confidential information to someone
   chances are your message was transported as plain text and can be
   subject to interception.

   The industry would agree that IPv4 is a brain dead protocol and those
   predicting its death have good reasons for their position. Government
   programs like carnivore depended on IPv4 vulnerabilities to be
   successful. Carnivore is a tool that has revitalized worldwide respect
   for the FBI in the intelligence community. The program intercepts and
   analyzes Internet traffic and is classified by the FBI as a diagnostic
   tool. Carnivore is also a motivating factor in the transition to IPv6
   by American, European and Japanese governments.

   Governments understand their vulnerabilities under IPv4; their
   intelligence departments have diagnostic tools too. IPsec makes IPv6
   less prone to man in the middle interception or attacks. User data
   under IPv6 is encrypted across the transmission end points. Sure the
   intelligence establishment has the means to break encrypted protocols
   but that's an expensive affair. Carnivore has not been effective in
   catching terrorists who communicate using encrypted channels. But it's
   been very effective in catching child pornographers that have yet to
   discover the privacy features available to them under IPv6. It is easy
 

Re: INTERVIEW comments by Conrad on IPv4

2002-09-22 Thread Joe Baptista

well what i've heard is that it is what we in business call the old screw up.
they forgot the law while they were handing out address space.

cerf explained it very well.  they are powerless to do anything.  i can
see an IPv4 union of users coming together.  his exact words were

"The problem with trying to reclaim (re-possess) IP address space is
enforcement. One has to find a way to stop someone from "advertising" the
assigned address space in the global routing tables before one can
effectively re-use the address space. Unless the party cooperates by
ceasing to advertise the space, assigning it to another party who
advertises this address space will cause inconsistent routing to one or
the other of the advertising networks."

I can see a lot of opportunities here if push comes to shove.  Incidentally
rfc 1918 is irrelevant to it - those are internal border addresses - non
public "Address Allocation for Private Internets".  Unless I'm missing
something it's the public address network.

Cheers
Joe Baptista

--
Planet Communications & Computing Facility
a division of The dot.GOD Registry, Limited

On Mon, 23 Sep 2002 [EMAIL PROTECTED] wrote:

> On Sun, 22 Sep 2002 04:13:17 EDT, Joe Baptista <[EMAIL PROTECTED]>  said:
> > "David Conrad recently reminded legal participants of telecom conferences
> > that IPv4 address space remains yours even if you don't pay the registry
> > fees.  Conrad a registry insider at ARIN admitted people don't have to
> > return address space if they don't pay their fees."
> >
> > Can anyone tell me why this is the case?
>
> Well... I go down to the local rental store, and if I rent a post hole
> digger or a chain saw or similar, I need to return it before the next
> people can use it.
>
> If I forget to return the stuff I rented from Rent-An-Integer (aka ARIN),
> they don't need to get my integers back before they can give them out again
> to somebody who's not a deadbeat.
>
> Of course, at that point, you basically have RFC1918-style space with
> a nonstandard prefix, and are quite likely to be hassled by the current
> renter of that series of integers if you persist in using them on the
> open Internet.
>
> Remember - you're not paying for address space.  You're paying for a guarantee
> that you're the only user of that address space.  If you don't understand the
> distinction, you might want to stash that article and re-write it once you do.
> --
>   Valdis Kletnieks
>   Computer Systems Senior Engineer
>   Virginia Tech
>
>





INTERVIEW comments by Conrad on IPv4

2002-09-22 Thread Joe Baptista


I have the following in an article to be published this week

"David Conrad recently reminded legal participants of telecom conferences
that IPv4 address space remains yours even if you don't pay the registry
fees.  Conrad a registry insider at ARIN admitted people don't have to
return address space if they don't pay their fees."

Can anyone tell me why this is the case?

regards
joe baptista

--
Planet Communications & Computing Facility
a division of The dot.GOD Registry, Limited