Re: who gets a /32 [Re: IPV6 renumbering painless?]

[Christian Kuhtz]

On 11/15/04 12:18 AM, "Daniel Roesen" <[EMAIL PROTECTED]> wrote:

> Unfortunate, even today there are not many option of transit ISPs
> who have a real native dual-stack deployment (I consider 6PE to be
> native)... most have just tunnels inside. Currently I cannot think
> of more than... hm... 3-4 ISPs who can deliver real amounts of
> native US-EU bandwidth.

What sort of customers do these v6 SP's have for IPv6?  What demands are
there for real amounts of IPv6 bandwidth?

Thanks,
Christian

RE: EFF whitepaper

[Peering]

>From personal experience, whether you check that you want further
mailings from MoveOn.org or not, they send them to you anytime you send
anything (petitions, letters, etc) from their website.  They're also not
that great about taking you off when you complain (I have had to
complain 2-3 times per incident).  For this reason, no matter how I feel
about the subject, I won't go through them anymore.

Hopefully one of their contacts is listening, because their mail policy
is really obnoxious.

Diane Turley
Network Engineer
Xspedius Communications Co.
636-625-7178


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Paul Vixie
Sent: Sunday, November 14, 2004 10:45 PM
To: [EMAIL PROTECTED]
Subject: Re: EFF whitepaper



[EMAIL PROTECTED] (Sean Donelan) writes:

> http://www.eff.org/wp/?f=SpamCollateralDamage.html

excerpt:

I. The Problem   

MoveOn.org is a politically progressive organization that
engages
in online activism. For the most part, its work consists of
sending
out action alerts to its members via email lists.  Often, these
alerts will ask subscribers to send letters to their
representatives about time-sensitive issues, or provide details
about upcoming political events. Although people on the
MoveOn.org
email lists have specifically requested to receive these alerts,
many large ISPs regularly block them because they assume bulk
email
is spam. [...]

i reject all mail from moveon.org here.  not because i assume bulk
e-mail is spam, but because i still personally receive all mail sent to
any address at cix.net, and quite a few people who wish to subscribe
from cox.net end up typing cix.net by mistake.  ("i" and "o" are
adjacent in QWERTYland.) i'm therefore in a position to prove that
moveon.org does not verify the ownership or permission status of new
e-mail addresses before sending political information.  i tried
complaining, but moveon.org's postmaster function appeared to be
understaffed or overworked or both.

further down in this otherwise excellent paper, we see:

II. The Solution (Or At Least A Start): Principles and Best
Practices 
[...]
2. All mailing-list email should be delivered to willing
   subscribers. As a corollary, no one should be
subscribed
   to an email list without his or her knowledge and
   consent, as evidenced by positive action.

...to which i must add my strongest possible agreement.  if moveon.org
would just follow this principle or best practice, i would accept their
e-mail here.  even though i found this EFF paper to be well written and
well researched in other ways, i wonder if the authors knew that
moveon.org does not verify permission or ownership of new subscribers,
and if they considered this as one of the possible reasons why a lot of
e-mail admins reject, as i do, all mail that comes from moveon.org.  if
not, then the fundamental premise of this paper is flawed.  if so, then
they should have mentioned this factor.  either way, i'm not as
impressed as i could've been.
-- 
Paul Vixie

Re: EFF whitepaper

[Steven Champeon]

on Mon, Nov 15, 2004 at 04:45:24AM +, Paul Vixie wrote:
> 
> [EMAIL PROTECTED] (Sean Donelan) writes:
> 
> > http://www.eff.org/wp/?f=SpamCollateralDamage.html
> 
> excerpt:
> 
> I. The Problem   
> 
> MoveOn.org is a politically progressive organization that engages
> in online activism. For the most part, its work consists of sending
> out action alerts to its members via email lists.  Often, these
> alerts will ask subscribers to send letters to their
> representatives about time-sensitive issues, or provide details
> about upcoming political events. Although people on the MoveOn.org
> email lists have specifically requested to receive these alerts,
> many large ISPs regularly block them because they assume bulk email
> is spam. [...]
> 
> i reject all mail from moveon.org here.  not because i assume bulk e-mail
> is spam, but because i still personally receive all mail sent to any address
> at cix.net, and quite a few people who wish to subscribe from cox.net end
> up typing cix.net by mistake.  ("i" and "o" are adjacent in QWERTYland.)
> i'm therefore in a position to prove that moveon.org does not verify the
> ownership or permission status of new e-mail addresses before sending
> political information.  i tried complaining, but moveon.org's postmaster
> function appeared to be understaffed or overworked or both.

I couldn't agree more. We have several users here who signed up for the
moveon.org mailings back when the group was a single-issue activism project
(getting the US to "move on" and stop wasting its time trying to impeach
Clinton). None of them expected to become permanent members of what soon
became a shrill, extremely partisan, and spam-spewing group. To the best of
my knowledge, no attempt to unsubscribe has been respected.
 
That said, I've long since stopped listening (or contributing) to the EFF
as I see their war on antispammers as counterproductive. John Gilmore runs
a well-known open relay at toad.com, and for some reason thinks that free,
anonymous speech is important enough to let spammers drown it out through
sheer volume. I prefer having usable email, so I no longer support the EFF.

-- 
join us!   http://hesketh.com/about/careers/web_designer.html   join us! 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!   http://hesketh.com/about/careers/account_manager.htmljoin us!

Re: who gets a /32 [Re: IPV6 renumbering painless?]

[Jared Mauch]

On Mon, Nov 15, 2004 at 09:29:25AM -0500, Christian Kuhtz wrote:
> 
> 
> 
> On 11/15/04 12:18 AM, "Daniel Roesen" <[EMAIL PROTECTED]> wrote:
> 
> > Unfortunate, even today there are not many option of transit ISPs
> > who have a real native dual-stack deployment (I consider 6PE to be
> > native)... most have just tunnels inside. Currently I cannot think
> > of more than... hm... 3-4 ISPs who can deliver real amounts of
> > native US-EU bandwidth.
> 
> What sort of customers do these v6 SP's have for IPv6?  What demands are
> there for real amounts of IPv6 bandwidth?

I've historically found that there are a number of FTP
sites that get congested on IPv4 but are accessable via IPv6 (only).

I have a /48 at home, but am only using about 4 /64's on my various
subnets (servers, wireless, office lan, etc..)

I'd say that about 1-5% of my home bandwidth usage (on average)
is IPv6 only.  I'm sure it's going up with the number of sites doing
v4+v6 (eg: roots) increasing.

- jared

-- 
Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
clue++;  | http://puck.nether.net/~jared/  My statements are only mine.

ARIN 2002-3 statistics

[Leslie Nobile]

A recent question has come up on this list regarding the
number of organizations that have qualified for IPv4 addresses under policy
2002-3 “Address Policy for Multi-homed Networks.

 

Since its implementation in May 2004, ARIN has been tracking
the number of allocations and assignments (/21s and /22s) made under this policy very
closely.  Here are the statistics as of Oct. 31, 2004:

 

# of Organizations qualified:   80

# of Allocations to ISPs   61  

# of Assignments to End Users:  27  

 

Regards,

 

Leslie Nobile

Director, Registration Services

American Registry for Internet Numbers (ARIN)

[EMAIL PROTECTED]

 

 

RE: EFF whitepaper

[Miller, Mark]

  Well-written or not, this piece has a vague odor of blaming the victim
for the crime.  To cite the specific example quoted below, if
cash-hungry spam havens like China, Korea and others took action locally
to reduce the "spam-friendly" nature of many of their online providers,
the filtering fickle middle finger of fate would not be pointed at them
as a geographical entity.  I mean, if 40% of my spam comes from or
through China, then of course I will be more wary of accepting mail from
there.  Profiling isn't a problem of free speech, it is a simple matter
of statistics. 

  It's a bad craftsman that blames his tools. These utilities are
specifically designed to operate in the online environment we find
ourselves in.  Perhaps it is the environment that needs changing, not
the way we protect ourselves from it.


 - Mark




Spam Assassin, a popular program that does ad hoc pattern matching,
assigns "points" to various features of an email to determine whether it
is spam. The higher the number of points, the more likely it will be
sent to the spam folder or discarded. Points can be assigned for
everything from country of origin to certain words or subject headers.
One of the major problems with this system is that messages from certain
countries - like China, for example - can be blocked purely on the basis
of where they come from and what language they're in The implications
for free speech here are very troubling indeed: a human rights group
communicating with people in China may find that their bulk email is
blocked, and thus anti-spam technology unintentionally works as a
political censorship mechanism. Of course, this is only a problem when
end users are not given control over how points are assigned, and what
will be done with messages that get "high" or "low" marks. Spam Assassin
and programs like it can be configured to give users more control. 

Re: IPV6 renumbering painless?

[Valdis . Kletnieks]

On Sun, 14 Nov 2004 18:10:03 +0100, Iljitsch van Beijnum said:

> only leaf sites use the 32 bit AS numbers. 32 bit AS numbers for 
> transit ASes are best avoided until everyone has upgraded.

Umm... I'll bite.. ;)

How do we know/tell that "everyone" has upgraded?  (As opposed to just
saying "It's been N+4 years now, everybody must have upgraded by *now*"?)

Of course, we *could* always declare "everybody" as "98% of the sites that
have good contact info in the various Whois databases are ready to go,
the rest know about the issue, and those with bum contact info will get
what they deserve when we deploy" :)



pgpBIoXGvCDpn.pgp
Description: PGP signature

Re: who gets a /32 [Re: IPV6 renumbering painless?]

[Jeroen Massar]

On Mon, 2004-11-15 at 11:03 -0500, Jared Mauch wrote:
> On Mon, Nov 15, 2004 at 09:29:25AM -0500, Christian Kuhtz wrote:
> > 
> > 
> > 
> > On 11/15/04 12:18 AM, "Daniel Roesen" <[EMAIL PROTECTED]> wrote:
> > 
> > > Unfortunate, even today there are not many option of transit ISPs
> > > who have a real native dual-stack deployment (I consider 6PE to be
> > > native)... most have just tunnels inside. Currently I cannot think
> > > of more than... hm... 3-4 ISPs who can deliver real amounts of
> > > native US-EU bandwidth.
> > 
> > What sort of customers do these v6 SP's have for IPv6?  What demands are
> > there for real amounts of IPv6 bandwidth?

http://www.sixxs.net/misc/traffic/

>   I've historically found that there are a number of FTP
> sites that get congested on IPv4 but are accessable via IPv6 (only).

There are, as demonstrated from above graphs, quite a number of people
who also found out that some news server has this feature ;)

>   I have a /48 at home, but am only using about 4 /64's on my various
> subnets (servers, wireless, office lan, etc..)

I guess most people, who are a bit into computers, at least have 2
LAN's: wired and wireless. Some, like Jared apparently, even make
seperate subnets per room. Though 2 is quite common. With the future in
mind though (read: toys toys toys), I see it very likely that the amount
of subnets will grow at a large rate.

>   I'd say that about 1-5% of my home bandwidth usage (on average)
> is IPv6 only.  I'm sure it's going up with the number of sites doing
> v4+v6 (eg: roots) increasing.

I guess my usage is somewhat the same when I was still really actively
using that network.

The only solution to getting more IPv6 content: crontab that request
message and spam Google and others to provide IPv6 capable servers (and
crawlers). Doom3 doesn't do IPv6 either yet unfortunately (afaik)... I
still wonder, it is even easier to use getaddrinfo()* to write socket
related code, thus what is the problem of doing IPv6 in software?
(Except for the lame excuse of having 'latency' when the stuff is not
configured correctly and you have to time out before connecting)

Greets,
 Jeroen

* = http://gsyc.escet.urjc.es/~eva/IPv6-web/ipv6.html
http://www.kame.net/newsletter/19980604/



signature.asc
Description: This is a digitally signed message part

Re: who gets a /32 [Re: IPV6 renumbering painless?]

[Christian Kuhtz]

On 11/15/04 11:03 AM, "Jared Mauch" <[EMAIL PROTECTED]> wrote:
> On Mon, Nov 15, 2004 at 09:29:25AM -0500, Christian Kuhtz wrote:
>> On 11/15/04 12:18 AM, "Daniel Roesen" <[EMAIL PROTECTED]> wrote:
>> 
>>> Unfortunate, even today there are not many option of transit ISPs
>>> who have a real native dual-stack deployment (I consider 6PE to be
>>> native)... most have just tunnels inside. Currently I cannot think
>>> of more than... hm... 3-4 ISPs who can deliver real amounts of
>>> native US-EU bandwidth.
>> 
>> What sort of customers do these v6 SP's have for IPv6?  What demands are
>> there for real amounts of IPv6 bandwidth?
> 
> I've historically found that there are a number of FTP
> sites that get congested on IPv4 but are accessable via IPv6 (only).

But that's an artifact... There's no reason rooted in the protocols
themselves (and associated business reasons) as to why that should be a
lasting benefit.  It's merely a reflection of poor capacity management and
idle (under utilized) IPv6 stacked server capacity..

Thanks for playing, though :)..

Regards,
Christian





*
"The information transmitted is intended only for the person or entity to which 
it is addressed and may contain confidential, proprietary, and/or privileged 
material.  Any review, retransmission, dissemination or other use of, or taking 
of any action in reliance upon, this information by persons or entities other 
than the intended recipient is prohibited.  If you received this in error, 
please contact the sender and delete the material from all computers."  118

Re: IPV6 renumbering painless?

[Kurt Erik Lindqvist]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On 2004-11-14, at 18.10, Iljitsch van Beijnum wrote:

>
> On 13-nov-04, at 18:11, Hank Nussbacher wrote:
>
>> 30% usage and we need 32 bit ASNs?
>
> Usage is of course irrelevant, what counts is how many free ones are 
> left. This number is well below 70%.
>
> We would be better off upgrading to 32 bits AS numbers sooner rather 
> than later (unless we're confident we'll never run out of 16 bit ones) 
> because this way there are enough 16 bit AS numbers left. The current 
> 32 bit AS number proposal (that has been around for at least 4 years 
> now) should work very well for routers that aren't upgraded as long as 
> only leaf sites use the 32 bit AS numbers. 32 bit AS numbers for 
> transit ASes are best avoided until everyone has upgraded.

"32-bits should be enough for anyone", right? :-)

While I do think we need to start the upgrade process, I actually think 
that we still need to find a process to reclaim unused resources. 
Otherwise we will be back here sooner than later. And it will be much 
harder to get these resources back when the net is even larger than 
today...

- - kurtis -

-BEGIN PGP SIGNATURE-
Version: PGP 8.1

iQA/AwUBQZj0gKarNKXTPFCVEQIS9QCdFzA4dD9rrfaXpaA6dziFpUGHLnoAoK/y
nfctV6BhpuFJBvh2IXEl2tXt
=jnCA
-END PGP SIGNATURE-

Deutch

[Richard J. Sears]

Can someone from Deutsch Telecom please contact me off list.

Thanks

**
Richard J. Sears
Vice President 
American Internet Services  

[EMAIL PROTECTED]
http://www.adnc.com

858.576.4272 - Phone
858.427.2401 - Fax
INOC-DBA - 6130


I fly because it releases my mind 
from the tyranny of petty things . . 


"Work like you don't need the money, love like you've
never been hurt and dance like you do when nobody's
watching."

Re: IPV6 renumbering painless?

[Iljitsch van Beijnum]

On 15-nov-04, at 18:03, [EMAIL PROTECTED] wrote:
only leaf sites use the 32 bit AS numbers. 32 bit AS numbers for
transit ASes are best avoided until everyone has upgraded.

How do we know/tell that "everyone" has upgraded?  (As opposed to just
saying "It's been N+4 years now, everybody must have upgraded by 
*now*"?)
Well, how do you know that everyone has upgraded from BGP3 to BGP4?
Of course, we *could* always declare "everybody" as "98% of the sites 
that
have good contact info in the various Whois databases are ready to go,
the rest know about the issue, and those with bum contact info will get
what they deserve when we deploy" :)
The idea is that the new AS numbers are encoded in new path attributes. 
For backward compatibility, a "special" AS number is put in the places 
where a 16 bit number is expected. For obvious reasons, there isn't a 
corresponding 16 bit AS number for every 32 bit one. So to a 16 bit 
router all 32 bit ASes look like a single very big AS. Now this 
shouldn't lead to any problems as long as you don't look too hard at 
the 16 bit version of the AS path. For leaf sites this shouldn't be a 
big deal, but for a transit AS the world is going to look a bit 
confusing when observed through 16 bit glasses when 32 bit AS numbers 
are becoming common.

So practically, we would have to wait until the big N venders support 
this  (for N ≥ 2), wait a bit more and then see if we can start 
unloading those 32 bit ASes on some poor unexpecting 
wannabe-multihomers.  :-)

Re: EFF whitepaper

[J.D. Falk]

On 11/15/04, Steven Champeon <[EMAIL PROTECTED]> wrote: 

> That said, I've long since stopped listening (or contributing) to the EFF
> as I see their war on antispammers as counterproductive. John Gilmore runs
> a well-known open relay at toad.com, and for some reason thinks that free,
> anonymous speech is important enough to let spammers drown it out through
> sheer volume. I prefer having usable email, so I no longer support the EFF.

While I continue to be saddened by this, I have to agree.  The
EFF has done amazing, necessary work on so many issues, and I
thank them for that -- but they've been blaming the wrong people
regarding spam for many years.

-- 
J.D. Falk   okay, what's next?
<[EMAIL PROTECTED]>

71/8 and 72/8 reminder/plea

[Jerimiah Cole]

Friendly reminder that ARIN has been allocating from 71/8 and 72/8 since 
August.  If you have static bogon filters, PLEASE make sure they are 
updated.

Jerimiah
Tularosa Communications

Re: EFF whitepaper

[Tom (UnitedLayer)]

On Mon, 15 Nov 2004, Steven Champeon wrote:
> John Gilmore runs a well-known open relay at toad.com, and for some
> reason thinks that free, anonymous speech is important enough to let
> spammers drown it out through sheer volume.

Someone famous said something about paying a high price for free speech, I
think this perhaps would fall under that category.

Mr Gilmore spends quite a bit of time tending to his mail server to ensure
that spammers do not abuse it. Any spammer who spends time pumping mail
through his server is going to realize quite quickly that its not worth
their time. Its a very old slow machine on a T1 with other intentional
slowdowns added to the MTA, and some amount of spam filtering. I would say
it would have a hard time passing more than 1 message a minute.

I would think that most spammers would give up and go abuse an open proxy
somewhere, they're much more plentiful and less cluefully tended.

Re: EFF whitepaper

[Steven Champeon]

on Mon, Nov 15, 2004 at 01:06:09PM -0800, Tom (UnitedLayer) wrote:
> On Mon, 15 Nov 2004, Steven Champeon wrote:
> > John Gilmore runs a well-known open relay at toad.com, and for some
> > reason thinks that free, anonymous speech is important enough to let
> > spammers drown it out through sheer volume.
> 
> Someone famous said something about paying a high price for free speech, I
> think this perhaps would fall under that category.

I know - I too, pay a high price to maintain my own mail servers.

> Mr Gilmore spends quite a bit of time tending to his mail server to ensure
> that spammers do not abuse it.

Congrats. So do I. 

> Any spammer who spends time pumping mail through his server is going
> to realize quite quickly that its not worth their time. Its a very old
> slow machine on a T1 with other intentional slowdowns added to the
> MTA, and some amount of spam filtering. I would say it would have a
> hard time passing more than 1 message a minute.

Great. And this affects those of us with not-so-old, not-so-slow machines
how? The bottom line is that Gilmore, and the EFF, have taken a very soft
stance on spam, believing it to be less important than "free speech" or
"anonymous speech". Oh, well. I believe that the EFF already has all the
support it needs, and so I don't contribute to their efforts to make my
life more difficult.

> I would think that most spammers would give up and go abuse an open proxy
> somewhere, they're much more plentiful and less cluefully tended.

Oh, probably. Or one of the million-host proxy botnets. Or another open
proxy. Or another open relay. Or a hacked webmail server, etc. etc. etc.
The existence of other more preferable alternatives doesn't obviate the
fact that the EFF has not been tough enough on spam.

 http://www.eff.org/Spam_cybersquatting_abuse/Spam/position_on_junk_email.php

Wow. So, no antispam measure with any possibility of blocking legitimate
mail should be adopted. In other words, we should just go back to 1993?

 http://eff.org/wp/?f=SpamCollateralDamage.html

Wow. So, any collateral damage is unacceptable? Even when the source of
the so-called "legitimate" mail is a spammer, pure and simple, with bad
ideas about what constitutes mailing list management? Granted, they're
"working with others" to "define" things that most of us have known
about for years. Gee, thanks, guys. Why not spend some time using the
best practices already written up? Hell, does the EFF even do
subscription confirmations yet? Or do they assume that anyone capable of
filling out a Web form is incapable of lying or mistyping their email
address? RFC2505 is five years old and a BCP now. Its first admonition
is to put an end to unauthorized relaying. Second is to provide trace
information in Received: headers. Oops! Both essentially outlaw
anonymous speech via email.

In a nutshell, email requires accountability. The EFF apparently thinks
that is too high a price to ask for email. 

-- 
join us!   http://hesketh.com/about/careers/web_designer.html   join us! 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!   http://hesketh.com/about/careers/account_manager.htmljoin us!

Re: 71/8 and 72/8 reminder/plea

[Rob Thomas]

Hi, NANOGers.

] Friendly reminder that ARIN has been allocating from 71/8 and 72/8 since
] August.  If you have static bogon filters, PLEASE make sure they are
] updated.

Tired of updating your filters?  Worry no more!  Fire up a peering
session or two (we advocate two) to the Bogon Route-server project.
Leave the care and feeding of such filters to the tireless and
highly caffeinated crew at Team Cymru.

   

Don't speak BGP?  Don't want to peer?  No worries!  Use wget or
DNS to check those filters.

   

Filtering bogons doesn't solve every problem, but it does help to
reduce the problem set.  We solve this problem by degrees, not in
one fell swoop.  Our thanks to everyone who filters, uses uRPF,
etc.  We applaud you and appreciate your assistance in reducing
Internet garbage.  :)

   
   

Thanks!
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);

Re: Important IPv6 Policy Issue -- Your Input Requested

[Adi Linden]

> > About half of the devices within my on private network are statically
> > defined and for local use only. They will never need global access.
> > Because they are awkward to configure I do not want to renumber, ever.
> > My
> > solution is to use RFC1918 address space for this network.
>
> Use unique site locals for them in IPv6.

Aren't unique site locals associated with the mac address?

Adi

Re: EFF whitepaper

[Tom (UnitedLayer)]

On Mon, 15 Nov 2004, Steven Champeon wrote:
> And this affects those of us with not-so-old, not-so-slow machines how?

By the fact that there is no way in hell that he could relay a large
amount of spam...

> The bottom line is that Gilmore, and the EFF, have taken a very soft
> stance on spam, believing it to be less important than "free speech" or
> "anonymous speech".

By definition, the EFF's main concern is free speech and privacy.

>  http://eff.org/wp/?f=SpamCollateralDamage.html
>
> Wow. So, any collateral damage is unacceptable?

To me, and people who rely on email for reliable communication, yes
absolutely. Collateral damage is unacceptable, period.

Its even worse when administered punitively (like SPEWS/etc) because its
done with the intent of disrupting other people's lives. If you're going
to fight something, and you feel its worthwhile, fight it on the
high-road.

> In a nutshell, email requires accountability. The EFF apparently thinks
> that is too high a price to ask for email.

I think you're missing the point. Anonymous communication saves lives,
allows people to "blow the whistle", and in general it serves the greater
good to have it exist. Email already has an "audit trail" built into it,
and you can at least track it to some extent if you know what you're
doing. Does email need a DNA signature for the sender? In my mind no, you
can get that if you use PGP signatures and look how few people actually
use that.

Re: EFF whitepaper

[Patrick W Gilmore]

On Nov 15, 2004, at 5:47 PM, Tom (UnitedLayer) wrote:
In a nutshell, email requires accountability. The EFF apparently 
thinks
that is too high a price to ask for email.
I think you're missing the point. Anonymous communication saves lives,
allows people to "blow the whistle", and in general it serves the 
greater
good to have it exist. Email already has an "audit trail" built into 
it,
and you can at least track it to some extent if you know what you're
doing. Does email need a DNA signature for the sender? In my mind no, 
you
can get that if you use PGP signatures and look how few people actually
use that.
I hate e-mail as much as the next guy, more probably, having spent real 
$$ and lots of time, hardware, effort, etc. in support of the cause.  
But even I have to say that 1 e-mail/minute is an OK price to let 
people send anonymous e-mail if it really will save lives.  And this 
absolutely does.

If you come up with a better solution, I'm all ears.
--
TTFN,
patrick

Re: EFF whitepaper

[Steven Champeon]

on Mon, Nov 15, 2004 at 02:47:14PM -0800, Tom (UnitedLayer) wrote:
> On Mon, 15 Nov 2004, Steven Champeon wrote:
> > And this affects those of us with not-so-old, not-so-slow machines how?
> 
> By the fact that there is no way in hell that he could relay a large
> amount of spam...

You seem to be confusing the single instance with the widespread
application of the policy. My problem is with the latter, which is
what the EFF is pledged to defend in the face of widespread damage
to the medium they hope to save thereby.

Put simply, I'm fine with a few well-known anonymizing mail servers.
I also reserve the right to reject mail from them.

I am not fine with an organization pledged to defend the principle
for /all mail servers and spam sources/ regardless of whether they
are under the control of spammers (and with no mind paid to the fact
that a great deal of spam is sent via compromised machines that are
unlikely to be used by freedom fighters or whistleblowers, etc.)

Come on - do you really think the Russian mafia is going to allow free
use of their botnets so that Chechnian freedom fighters can post
propaganda? I don't. Not even if they were paid for it.

> > The bottom line is that Gilmore, and the EFF, have taken a very soft
> > stance on spam, believing it to be less important than "free speech" or
> > "anonymous speech".
> 
> By definition, the EFF's main concern is free speech and privacy.

And I have supported them in the past for exactly their dedication to
that concern. However, they now confuse government censorship on the one
hand, with the abuses of a system by fraudsters and others (often in
league with the very same countries whose censoring governments the EFF
opposes) on the other.

Alan Ralsky hosts his servers in China. Do you really think that the
goal of protecting freedom is served by encouraging everyone not to
reject mail from those servers? Given that China's rDNS is so hosed or
nonexistent as to make local, automated judgements difficult to
impossible, it's far easier for those of us who don't want Ralsky's junk
to simply reject all mail from China. If China doesn't like it, they
should reconsider hosting Ralsky. The same goes for any country or ISP
hosting or enabling spammers. And yes, I know that's a broad brush, and
may not be appropriate for everyone. That's my whole point - that by
ceding the spam battle over a misguided idea of protecting free speech,
the EFF is actually encouraging others to paint with similarly broad
brushes in their own defense - and undermining their own intentions.

I didn't make the decision to allow 419/AFFers to post through Tiscali's
webmail servers - Tiscali did, and they continue to let the abuses occur.

Bigpond has largely fixed their 419/AFF problem, by disallowing use of
their webmail accounts to non-AU users (in the process, they also broke
their Received: header trace information, but hey). Got a problem with
their policy? I don't.

I had a user here who got upwards of 100/day - nearly all 419/AFF spam.
Much of that has disappeared, thanks to the implementation here of
policies that others were incapable of making, in order to deal with
/their/ abuse problem, not mine.

Privacy is a great goal. In my mind, it has its price. If I want to vote
to protect my privacy, I register. If I want to drive a car, I get a
license and get insured, and can prove it in case I run into someone else.
If you want to be on the Internet, I damn well better be able to contact
you (or someone who has taken responsibility for your presence here) in
the event that you run dictionary attacks against my mail server, or try
to send a million spam messages through your broadband channel, or run
a worthless and buggy OS without a firewall and thereby let yourself get
owned by anyone and become a vector for abuse.

Barring that, I'll just block you and anyone who looks like you, and
call it a day, and selectively unblock or whitelist once you've met my
policy criteria.

Those who prattle on about rights forget about their corresponding
responsibilities, and undermine their very case by appearing to lack
any sense of the price we pay for the former through the latter.

> >  http://eff.org/wp/?f=SpamCollateralDamage.html
> >
> > Wow. So, any collateral damage is unacceptable?
> 
> To me, and people who rely on email for reliable communication, yes
> absolutely. Collateral damage is unacceptable, period.

Then it would behoove you to support efforts to make email accountable
rather than decry such attempts as censorship. Lacking other solutions
to the spam problem, everyone tries their own. Which is more important?
That we can all get behind industry-wide proposals, or that we all
uniquely splinter useful protocols due to our own necessities, dictated
by the demands of real usage? I'd love to stop wasting time chasing the
rats out of my mail server. Until then, I am doing what I can to analyze
inbound spam and adjust my policies accordingly to keep it out.

Rather than fig

Re: Important IPv6 Policy Issue -- Your Input Requested

[Iljitsch van Beijnum]

On 15-nov-04, at 23:10, Adi Linden wrote:
Aren't unique site locals associated with the mac address?
Not really. Unique site local addresses as such don't have anything to 
do with MAC addresses. However, most IPv6 addresses (including, 
presumably, unique site locals when they are deployed) contain a MAC 
address in the bottom 64 bits. This happens when stateless 
autoconfiguration is used: routers broadcast (well, multicast) the top 
64 bits and hosts fill in the lower 64 bits with a unique value. This 
was the MAC address (if available) until privacy advocates came along 
and now there is also RFC 3041 which uses random numbers for this.

Note though that it is by no means required to use stateless 
autoconfiguration: you can set the address(es) manually, or you can use 
DHCP for IPv6. Also note that (AFAIK) of the major OSes and out of the 
box, only Windows supports RFC 3041, and Windows and MacOS don't (yet?) 
come with DHCPv6 support, and it doesn't look like it's easy to add it 
yourself (like in the *nix world) either.

Re: EFF whitepaper

[Richard Welty]

On Mon, 15 Nov 2004 10:07:20 -0500 Peering <[EMAIL PROTECTED]> wrote:


> >From personal experience, whether you check that you want further
> mailings from MoveOn.org or not, they send them to you anytime you send
> anything (petitions, letters, etc) from their website.  They're also not
> that great about taking you off when you complain (I have had to
> complain 2-3 times per incident).  For this reason, no matter how I feel
> about the subject, I won't go through them anymore.

> Hopefully one of their contacts is listening, because their mail policy
> is really obnoxious.

deja vu all over again.

i had this conversation (about unconfirmed mailings) with a staffer at
the dean campaign earlier this year. the general feeling i got was that
they don't clearly understand the problem, and are much more concerned
about creating a barrier to entry than worrying about creating a barrier
to mail abuse.

sigh,
  richard
-- 
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security

Re: IPV6 renumbering painless?

[Owen DeLong]

ASNs issued today are subject to annual renewal.  While this is a
small charge and doesn't go up based on the number of ASNs, so, not
100% effective at reclaiming all unused resources, it does, at least,
reclaim resources in use by defunct organizations that are no longer
paying the maintenance for them.
Owen
--On Monday, November 15, 2004 07:24:59 PM +0100 Kurt Erik Lindqvist 
<[EMAIL PROTECTED]> wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2004-11-14, at 18.10, Iljitsch van Beijnum wrote:
On 13-nov-04, at 18:11, Hank Nussbacher wrote:
30% usage and we need 32 bit ASNs?
Usage is of course irrelevant, what counts is how many free ones are
left. This number is well below 70%.
We would be better off upgrading to 32 bits AS numbers sooner rather
than later (unless we're confident we'll never run out of 16 bit ones)
because this way there are enough 16 bit AS numbers left. The current
32 bit AS number proposal (that has been around for at least 4 years
now) should work very well for routers that aren't upgraded as long as
only leaf sites use the 32 bit AS numbers. 32 bit AS numbers for
transit ASes are best avoided until everyone has upgraded.
"32-bits should be enough for anyone", right? :-)
While I do think we need to start the upgrade process, I actually think
that we still need to find a process to reclaim unused resources.
Otherwise we will be back here sooner than later. And it will be much
harder to get these resources back when the net is even larger than
today...
- - kurtis -
-BEGIN PGP SIGNATURE-
Version: PGP 8.1
iQA/AwUBQZj0gKarNKXTPFCVEQIS9QCdFzA4dD9rrfaXpaA6dziFpUGHLnoAoK/y
nfctV6BhpuFJBvh2IXEl2tXt
=jnCA
-END PGP SIGNATURE-




pgpXowy8p6EV9.pgp
Description: PGP signature

Staying on topic (was Re: EFF whitepaper)

[Steve Gibbard]

At a meeting a few weeks ago, a bunch of us made the claim that the NANOG
list could in most cases be self-policing.  In that spirit, it seems worth
pointing out that this discussion of the Russian Mafia, Chechen freedom
fighters, the EFF, and China, seems to be heading in a direction that
would be a bit off-topic for the NANOG list.

-Steve

On Mon, 15 Nov 2004, Steven Champeon wrote:

> > on Mon, Nov 15, 2004 at 02:47:14PM -0800, Tom (UnitedLayer) wrote:
> > On Mon, 15 Nov 2004, Steven Champeon wrote:
> > > And this affects those of us with not-so-old, not-so-slow machines how?
> >
> > By the fact that there is no way in hell that he could relay a large
> > amount of spam...
>
> You seem to be confusing the single instance with the widespread
> application of the policy. My problem is with the latter, which is
> what the EFF is pledged to defend in the face of widespread damage
> to the medium they hope to save thereby.
>
> Put simply, I'm fine with a few well-known anonymizing mail servers.
> I also reserve the right to reject mail from them.
>
> I am not fine with an organization pledged to defend the principle
> for /all mail servers and spam sources/ regardless of whether they
> are under the control of spammers (and with no mind paid to the fact
> that a great deal of spam is sent via compromised machines that are
> unlikely to be used by freedom fighters or whistleblowers, etc.)
>
> Come on - do you really think the Russian mafia is going to allow free
> use of their botnets so that Chechnian freedom fighters can post
> propaganda? I don't. Not even if they were paid for it.
>
> > > The bottom line is that Gilmore, and the EFF, have taken a very soft
> > > stance on spam, believing it to be less important than "free speech" or
> > > "anonymous speech".
> >
> > By definition, the EFF's main concern is free speech and privacy.
>
> And I have supported them in the past for exactly their dedication to
> that concern. However, they now confuse government censorship on the one
> hand, with the abuses of a system by fraudsters and others (often in
> league with the very same countries whose censoring governments the EFF
> opposes) on the other.
>
> Alan Ralsky hosts his servers in China. Do you really think that the
> goal of protecting freedom is served by encouraging everyone not to
> reject mail from those servers? Given that China's rDNS is so hosed or
> nonexistent as to make local, automated judgements difficult to
> impossible, it's far easier for those of us who don't want Ralsky's junk
> to simply reject all mail from China. If China doesn't like it, they
> should reconsider hosting Ralsky. The same goes for any country or ISP
> hosting or enabling spammers. And yes, I know that's a broad brush, and
> may not be appropriate for everyone. That's my whole point - that by
> ceding the spam battle over a misguided idea of protecting free speech,
> the EFF is actually encouraging others to paint with similarly broad
> brushes in their own defense - and undermining their own intentions.
>
> I didn't make the decision to allow 419/AFFers to post through Tiscali's
> webmail servers - Tiscali did, and they continue to let the abuses occur.
>
> Bigpond has largely fixed their 419/AFF problem, by disallowing use of
> their webmail accounts to non-AU users (in the process, they also broke
> their Received: header trace information, but hey). Got a problem with
> their policy? I don't.
>
> I had a user here who got upwards of 100/day - nearly all 419/AFF spam.
> Much of that has disappeared, thanks to the implementation here of
> policies that others were incapable of making, in order to deal with
> /their/ abuse problem, not mine.
>
> Privacy is a great goal. In my mind, it has its price. If I want to vote
> to protect my privacy, I register. If I want to drive a car, I get a
> license and get insured, and can prove it in case I run into someone else.
> If you want to be on the Internet, I damn well better be able to contact
> you (or someone who has taken responsibility for your presence here) in
> the event that you run dictionary attacks against my mail server, or try
> to send a million spam messages through your broadband channel, or run
> a worthless and buggy OS without a firewall and thereby let yourself get
> owned by anyone and become a vector for abuse.
>
> Barring that, I'll just block you and anyone who looks like you, and
> call it a day, and selectively unblock or whitelist once you've met my
> policy criteria.
>
> Those who prattle on about rights forget about their corresponding
> responsibilities, and undermine their very case by appearing to lack
> any sense of the price we pay for the former through the latter.
>
> > >  http://eff.org/wp/?f=SpamCollateralDamage.html
> > >
> > > Wow. So, any collateral damage is unacceptable?
> >
> > To me, and people who rely on email for reliable communication, yes
> > absolutely. Collateral damage is unacceptable, period.
>
> Then it would behoove you 

The coming storm: .net

[Hank Nussbacher]

http://www.nwfusion.com/news/2004/111504dotnet.html
-Hank

Re: IPV6 renumbering painless?

[Kurt Erik Lindqvist]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On 2004-11-16, at 02.24, Owen DeLong wrote:

> ASNs issued today are subject to annual renewal.  While this is a
> small charge and doesn't go up based on the number of ASNs, so, not
> 100% effective at reclaiming all unused resources, it does, at least,
> reclaim resources in use by defunct organizations that are no longer
> paying the maintenance for them.

Yes, but are they being resused?

- - kurtis -

-BEGIN PGP SIGNATURE-
Version: PGP 8.1

iQA/AwUBQZmp2qarNKXTPFCVEQK14wCg5vqd47Dud5JzlzYOT/8UgHYbz6kAoPp5
fLly4V9OFf8JxiQ6gecklCzP
=uhxv
-END PGP SIGNATURE-

Re: IPV6 renumbering painless?

[Jeroen Massar]

On Tue, 2004-11-16 at 08:18 +0100, Kurt Erik Lindqvist wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> 
> On 2004-11-16, at 02.24, Owen DeLong wrote:
> 
> > ASNs issued today are subject to annual renewal.  While this is a
> > small charge and doesn't go up based on the number of ASNs, so, not
> > 100% effective at reclaiming all unused resources, it does, at least,
> > reclaim resources in use by defunct organizations that are no longer
> > paying the maintenance for them.
> 
> Yes, but are they being resused?

I have seen IPv6 prefixes, that were allocated and then returned, being
allocated to another organization with somewhat a period of 6 months in
between. Thus one can assume that ASN will be re-used too. Of course I
think that the few couple of prefixes I happen to have seen this
happening with where 'given back' from the originally owning
organization and not reclaimed from them. Meaning that the RIR knew that
it was not in use anymore. Fortunately there are of course systems like
RIS (http://ris.ripe.net) to figure this out. Then again, allocations,
be they ASN's, IPv6 or IPv4 prefixes, are not only allocated for the
public internet usage, but solely to be globally unique.

Greets,
 Jeroen



signature.asc
Description: This is a digitally signed message part