Re: Association of Trustworthy Roots?

2005-01-18 Thread Eric Brunner-Williams in Portland Maine

Paul,

I meant to refer to the registry operator who operates the constellation of
nameservers for the .com zone, and wrote something else. I'm going to press
my red ears (both) to the copious available ice.

Eric


Re: Association of Trustworthy Roots?

2005-01-18 Thread Paul Vixie

> It isn't just that the root operators are silent.

wrt the panix debacle, why wouldn't the root operators have been silent?
the root zone was continuously available from all published servers with
excellent rtt, no measurable congestion, no inconsistencies, and up-to-date
serial numbers.  under those conditions, root operators will be silent.
-- 
Paul Vixie


Re: Root vs TLD (was Re: Association of Trustworthy Roots?)

2005-01-17 Thread Eric Brunner-Williams in Portland Maine

> You may or may not think Verisign as registry is blameless / disreputable
> and to blame for this incident.

There is causation for incoherence between the authoritative and 
non-authoritative nameservers for a particular data set.

> You may or may not think the gaining/losing registrars are blameless /
> disreputable for this incident.

There is causation for provisioning state change triggers to the database
used to construct a particular data set published by the authoritative
nameservers for that particular data set.

> You may or may not think that ICANN gTLD policy is blameless / disreputable
> for this incident.

There is causation for policy and mechanism that is articulated in end-to-end
transactions between registrants, intermediate entities, and registries.

These are not mutually exclusive. Blame and repute are secondary to the
correct reconstructions of causations.

Eric


Re: Association of Trustworthy Roots?

2005-01-17 Thread William Allen Simpson

[I first met Eric when I was a consultant helping put together the
NetBlazer for Telebit.  With my ISP hat on, we used NetBlazers for
many years, very stable.  I only wish that BellSouth had been as
stable.  We eventually switched to PortMasters for the improved
diagnostics of BellSouth's continually flapping lines.  However, we
continued to use the old NetBlazers for internal routing up until a
year or so ago.  They worked well, and supported AppleTalk, too.]

At Martin's insistence, and with Eric's kind permission:

Eric Brunner-Williams in Portland Maine wrote:

> I didn't point out to him what he already knew. That he wrote me Sunday
> morning (Sun, 16 Jan 2005 07:05:42 EST), a reply off-list to my note to
> Perry before going to bed around midnight. "What did I miss? Why would
> they call MIT's attorney?", and that I called his cell and office about
> a half-dozen times until I got him around 8am, and after 10 or so minutes
> of exchanges of observations on the situation, punctuated periodically by
> "I'm sure you understand there is nothing we can do", and "I don't work
> on the GRS side of Verisign", I concluded with "I have a message for Chuck
> Gomes, tell him that liability minimization (doing nothing until ICANN
> process authorized) is the wrong choice. This is a stability of the
> internet issue."

Seems to me that Eric worked pretty hard on this at no recompense to
himself.  And remember he was a voice of reason, cautioning this list
to treat everyone as human beings.
Martin may have finally gotten the job done, and it may have been
beyond his formal job description, but I wish he'd remember to treat
the rest of us as human beings, too.
-----Original Message-----
From: "Hannigan, Martin" <[EMAIL PROTECTED]>
Date: Mon, 17 Jan 2005 00:50:46 -0500
Why isn't this on NANOG where it started? 

-M
PS: I used the netblazer in 93 and it was a POS.
---
Martin Hannigan
[EMAIL PROTECTED]
Verisign, Inc.
-----Original Message-----
From: Eric Brunner-Williams in Portland Maine <[EMAIL PROTECTED]>
To: Hannigan, Martin <[EMAIL PROTECTED]>
Date: Sun Jan 16 16:57:52 2005
Martin,
Bill and I worked together on the first demand-dialup router, the NetBlazer.
That was in 1991. 

Scott may have a different opinion, and arguably RRP registrar/registry
is semantically distinguishable from EPP registrar/registry semantics (but
I wrote an I-D that contained just such a comparison to show functional
equivalence), but having spent 1999 - 2003 focused on provisioning and
registrar/registry semantics, I have an opinion on the correctness of the
events of yesterday and today.
Earlier today I wrote off-list this:
  Just to be formal and clear however, we had an incoherent dns, and
  caching resolver operators introduced the incoherency to correct
  for an error published by the authoritative resolver operator. As
  one of the EPP authors, I see provisioning and publication as two
  distinct functions. How state change in the registry database was
  provisioned -- the registrar error, is not controlling on what the
  registry publishes as a zonefile. VGRS erred in publication of bad
  data, and its error persisted for at least 12 hours, if not 24 or
  more, after notice.
  
  Everything else is just policy. Your mileage obviously varies.
  
VGRS's publication of the authoritative panix.com data was incorrect.  

Bill wrote:
> The domain owner and ISP and registrar all clearly stated
> that they had received no notification, and had not
> approved the transfer.

I'd have used a different grammatical construct, and not distinguished
between panix the registrant and panix the isp, and I've no private
knowledge of Dotster's having made an affirmative response, but the
registrant's claim of non-receipt of transfer is sufficient.

Bill wrote:
> Notification and approval are required by the process.

The weaker condition is simply notification, already asserted lacking
by the controlling authority, the registrant.

Bill wrote:
> Therefore, it was proven to be circumvented. QED.

Xfr w/o notice is the result, but not the condition, so yes, QED.

Bill wrote:
> Now, as to the actual mechanism of circumvention, that has
> not yet been revealed here.

Knowledge is partial, however, unless VGRS makes the complete transactional
history public, it can't make a defense that any claim is invalid based upon
a claim that the knowledge is partial.

Bill wrote:
> All we know is that a registry *supervisor* stopped the workers
> from finishing their investigation.

I don't know how Bill knows that, but I know that I don't know the complete
transactional history from VGRS, and the reason for non-disclosure of the
state of the database is policy, and policy originates in supervisorial
VGRS staff, not operations staff.

Bill wrote:
> Clearly, this .com registry operator is not trustworthy.

I think everyone in the DNSSEC community holds this view, and we're all
attempting to work towards trust in the DNS. It may not be possi

Re: Association of Trustworthy Roots?

2005-01-17 Thread Todd Vierling

On Sun, 16 Jan 2005, John Palmer (NANOG Acct) wrote:

> See http://www.public-root.com for an alternative to the ICANN monopoly.
> Those folks are very concerned with security.

Whee, AlterNIC take 7!

In any case, these are *root* (".") servers, not gTLD (i.e., "com.")
servers; they defer to ICANN for those.  This wouldn't help one bit.

-- 
-- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>


Root vs TLD (was Re: Association of Trustworthy Roots?)

2005-01-17 Thread Alex Bligh

--On 16 January 2005 15:18 -0500 William Allen Simpson
<[EMAIL PROTECTED]> wrote:

> While the Association of Trustworthy ISPs idea has some merit, we've
> not been too successful in self-organizing lately.  ISP/C?
>
> At the moment, I'm concerned whether we have trustworthy TLD operators.

Please distinguish (as I'm sure you are, but the subject line and, it seems
some replying aren't) between Root Servers on the one hand, and TLD
operators and the policy controlling them on the other.

You may or may not think Verisign as registry is blameless / disreputable
and to blame for this incident.

You may or may not think the gaining/losing registrars are blameless /
disreputable for this incident.

You may or may not think that ICANN gTLD policy is blameless / disreputable
for this incident.

What it has nothing to do with, however, is *root* policy (as in how the
root servers are operated and what goes in them) - it's gTLD policy. There
are plenty of things in the root other than gTLDs, and even policy
variation for gTLDs. Arguing for alternative roots is recipe for chaos and
less protection for existing registrants. Arguing for policy changes (or
even operator changes) within the TLD you find fault with is fair game.

To illustrate the point, .uk has (a) direct contracts between registry and
registrant (even when registered through a registrar), and (b)
registrar<->registrar moves done by push (either by the losing registrar or
failing that by the registrant) rather than by pull. I make no claim it is
perfect, and am not even here going to argue it's superior. I will,
however, argue that the failure modes are substantially different. Do not
attempt to apply the same medicine to diverse illnesses!

(more details at
 http://www.nominet.org.uk
for those interested)

Alex


Re: Association of Trustworthy Roots?

2005-01-16 Thread Hank Nussbacher

At 09:31 PM 16-01-05 +0100, Elmar K. Bins wrote:
> By chance - how is the press coverage of this incident? Has anybody
> read anything in the (online) papers? Unfortunately I haven't been
> able to follow the newsboards intensely this week-end, but Germany
> seems very quiet about this.

The longest piece:

Also:
http://news.zdnet.com/2100-9588_22-5538227.html
-Hank


Re: Association of Trustworthy Roots?

2005-01-16 Thread Hannigan, Martin


I saw Martians this evening,  just like the movie, but the country song
didn't work.

They -did- have big heads encased in glass.
Go figure.

-M


---
Martin Hannigan
[EMAIL PROTECTED]
Verisign, Inc.


-----Original Message-----
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: North American Network Operators Group 
Sent: Sun Jan 16 19:39:01 2005
Subject: Re: Association of Trustworthy Roots?


Christopher L. Morrow wrote:

>On Sun, 16 Jan 2005, Chris Adams wrote:
>  
>
>>If the proper procedure was circumvented in the first place (which
>>appears to be the case with panix.com), then it should be circumvented
>>to repair the damage as fast as possible.
>>
>>
>
>If it can be proven to have been circumvented, sure. I don't think anything
>beyond conjecture about that has been said 'publicly' yet, has it?
>
>  
>
Why yes, you must have missed the messages.  The domain owner and ISP
and registrar all clearly stated that they had received no notification,
and had not approved the transfer.  Notification and approval are
required by the process.  Therefore, it was proven to be circumvented. 
QED.

Now, as to the actual mechanism of circumvention, that has not yet been
revealed here.  All we know is that a registry *supervisor* stopped the
workers from finishing their investigation.

Clearly, this .com registry operator is not trustworthy.

-- 
William Allen Simpson
Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32


Re: Association of Trustworthy Roots?

2005-01-16 Thread William Allen Simpson

Christopher L. Morrow wrote:
> On Sun, 16 Jan 2005, Chris Adams wrote:
>
>> If the proper procedure was circumvented in the first place (which
>> appears to be the case with panix.com), then it should be circumvented
>> to repair the damage as fast as possible.
>
> If it can be proven to have been circumvented, sure. I don't think anything
> beyond conjecture about that has been said 'publicly' yet, has it?

Why yes, you must have missed the messages.  The domain owner and ISP
and registrar all clearly stated that they had received no notification,
and had not approved the transfer.  Notification and approval are
required by the process.  Therefore, it was proven to be circumvented. 
QED.

Now, as to the actual mechanism of circumvention, that has not yet been
revealed here.  All we know is that a registry *supervisor* stopped the
workers from finishing their investigation.
Clearly, this .com registry operator is not trustworthy.
--
William Allen Simpson
   Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32


Re: Association of Trustworthy Roots?

2005-01-16 Thread Christopher L. Morrow


On Sun, 16 Jan 2005, Sean Donelan wrote:

> On Sun, 16 Jan 2005, Christopher L. Morrow wrote:
> > assume Mr. Rosen and MIT do... If the proper process was started then
> > things look good, though unfortunately it may take some time to resolve
> > the problem. That process/procedure is in place for a good reason,
> > circumventing it will lead to problems in the long run. Do you circumvent
> > for MS, for AOL, for ATT? At what point do you draw the line? My home
> > business of pot painting?
>
> I agree rules and processes are important.  Instead of calling it
> circumvention, I would call it a robust exception handling process.  Both
> the initial process of protecting your identity, as well as the exception
> handling process in the event it is compromised, should be available for
> both my home domain as well as well-known companies like MS, AOL and
> AT&T. It should be as hard to steal my domain as it is to steal AOL.COM.
>
> Unfortunately, there is very little I can do to prevent a
> Registry/Registrar from giving my identity away without my
> permission.

So, more folks need to make the right noise at ICANN meetings about this
policy.


Re: Association of Trustworthy Roots?

2005-01-16 Thread Christopher L. Morrow


On Sun, 16 Jan 2005, Chris Adams wrote:

>
> Once upon a time, Christopher L. Morrow <[EMAIL PROTECTED]> said:
> > That process/procedure is in place for a good reason,
> > circumventing it will lead to problems in the long run. Do you circumvent
> > for MS, for AOL, for ATT? At what point do you draw the line? My home
> > business of pot painting?
>
> If the proper procedure was circumvented in the first place (which
> appears to be the case with panix.com), then it should be circumvented
> to repair the damage as fast as possible.

If it can be proven to have been circumvented, sure. I don't think anything
beyond conjecture about that has been said 'publicly' yet, has it?


Re: Association of Trustworthy Roots?

2005-01-16 Thread Christopher L. Morrow


On Sun, 16 Jan 2005, Eric Brunner-Williams in Portland Maine wrote:

> Chris,
>
> CORE was neither the losing nor the gaining registrar. Please acquire
> context.

I did say I didn't know which part was where the 'contract problem' was...


Re: Association of Trustworthy Roots?

2005-01-16 Thread Joshua Brady

Sean,

> That's the asymmetric problem with identity theft.  Companies seem to
> make it easier to steal the identity (24x7 transfers with 10 minute zone
> file updates) than to correct the theft (only open Monday-Friday, find the
> right department, fill out multiple forms, wait 2 weeks, etc).

That just makes it hard to do business period, you need to make it
harder for a user to verify who they are. Such as a secret password
and a faxed in authorization form or choose your level of security.
 
> I agree rules and processes are important.  Instead of calling it
> circumvention, I would call it a robust exception handling process.  Both
> the initial process of protecting your identity, as well as the exception
> handling process in the event it is compromised, should be available for
> both my home domain as well as well-known companies like MS, AOL and
> AT&T. It should be as hard to steal my domain as it is to steal AOL.COM.

Yes, it should be equally as hard to steal your domain as it would be
to steal AOL, MS, AT&T, MCI or any of the larger "world-wide traffic
holders"

> Unfortunately, there is very little I can do to prevent a
> Registry/Registrar from giving my identity away without my
> permission.


There's a lot you can do, you can always complain. More complaints to
your registrar about security end up with a lot more results. So try
that out.


-- 
Joshua Brady


Re: Association of Trustworthy Roots?

2005-01-16 Thread Sean Donelan

On Sun, 16 Jan 2005, Christopher L. Morrow wrote:
> assume Mr. Rosen and MIT do... If the proper process was started then
> things look good, though unfortunately it may take some time to resolve
> the problem. That process/procedure is in place for a good reason,
> circumventing it will lead to problems in the long run. Do you circumvent
> for MS, for AOL, for ATT? At what point do you draw the line? My home
> business of pot painting?

That's the asymmetric problem with identity theft.  Companies seem to
make it easier to steal the identity (24x7 transfers with 10 minute zone
file updates) than to correct the theft (only open Monday-Friday, find the
right department, fill out multiple forms, wait 2 weeks, etc).

I agree rules and processes are important.  Instead of calling it
circumvention, I would call it a robust exception handling process.  Both
the initial process of protecting your identity, as well as the exception
handling process in the event it is compromised, should be available for
both my home domain as well as well-known companies like MS, AOL and
AT&T. It should be as hard to steal my domain as it is to steal AOL.COM.

Unfortunately, there is very little I can do to prevent a
Registry/Registrar from giving my identity away without my
permission.


Re: Association of Trustworthy Roots?

2005-01-16 Thread John Palmer (NANOG Acct)

They don't have a mailing list that is public yet.  Might
be a good suggestion.

- Original Message - 
From: <[EMAIL PROTECTED]>
To: 
Sent: Sunday, January 16, 2005 5:35 PM
Subject: Re: Association of Trustworthy Roots?


> 
> On 16 Jan 2005 at 15:52, John Palmer (NANOG Acct) wrote:
> 
> > See http://www.public-root.com for an alternative to the ICANN monopoly.
> > Those folks are very concerned with security.
> 
> these folks don't seem very decentralized.  do you 
> know if they have a public mailing list?  there 
> doesn't seem to be much information on the website.
> 
> 
> > - Original Message - 
> > From: <[EMAIL PROTECTED]>
> > To: 
> > Sent: Sunday, January 16, 2005 3:45 PM
> > Subject: Re: Association of Trustworthy Roots?
> > 
> > 
> > > 
> > > On 16 Jan 2005 at 21:31, Elmar K. Bins wrote:
> > > 
> > > > [EMAIL PROTECTED] (William Allen Simpson) wrote:
> > > > 
> > > > > While the Association of Trustworthy ISPs idea has some merit, we've
> > > > > not been too successful in self-organizing lately.  ISP/C?
> > > > 
> > > > I thought we already had built such a thing, currently covered by ICANN.
> > > 
> > > let's think outside the box.
> > > 
> > > there's no reason that nanog (or anyone willing to run 
> > > a mailing list) couldn't create an ad hoc 
> > > decentralized Trustworthy ISP/Root service.  heck, 
> > > such a thing may even encourage more active 
> > > participation in nanog.  having a shared group 
> > > identity where the rubber meets the road is very 
> > > powerful.  it's the underlying motivator behind the 
> > > nanog, xBSD, GPL, torrent, tor, (pick your non-
> > > hierarchical community driven project), etc. clans.
> > > 
> > > there's also no reason that this has to replace ICANN. 
> > >  and it would likely have the exact result on existing 
> > > entities that you mention below - improved 
> > > trustworthiness.
> > > 
> > > 
> > > peace
> > > 
> > > 
> > > > But well...life changes everything, and for some (or many) of us, this
> > > > association doesn't seem so trustworthy anymore. Maybe it would be 
> > > > better
> > > > to improve trustworthiness of the existing authorities. I believe there
> > > > is still much room for participation, not to mention political issues
> > > > you simply cannot counter on a technical level.
> > > > 
> > > > 
> > > > > At the moment, I'm concerned whether we have trustworthy TLD 
> > > > > operators.
> > > > 
> > > > One can never know what's going on behind the scenes. Maybe Verysign
> > > > is on the issue, maybe not. I believe, there are at least three VS
> > > > people on this list who could address this. I don't know whether they
> > > > are allowed to.
> > > > 
> > > > 
> > > > > It's been about 24 hours, it is well-known that the domain has been
> > > > > hijacked, we've heard directly from the domain owner and operator,
> > > > > but the TLD servers are still pointing to the hijacker.
> > > > 
> > > > By chance - how is the press coverage of this incident? Has anybody
> > > > read anything in the (online) papers? Unfortunately I haven't been
> > > > able to follow the newsboards intensely this week-end, but Germany
> > > > seems very quiet about this.
> > > > 
> > > > Yours,
> > > > Elmar.
> 
> 


Re: Association of Trustworthy Roots?

2005-01-16 Thread Chris Adams

Once upon a time, Christopher L. Morrow <[EMAIL PROTECTED]> said:
> That process/procedure is in place for a good reason,
> circumventing it will lead to problems in the long run. Do you circumvent
> for MS, for AOL, for ATT? At what point do you draw the line? My home
> business of pot painting?

If the proper procedure was circumvented in the first place (which
appears to be the case with panix.com), then it should be circumvented
to repair the damage as fast as possible.

-- 
Chris Adams <[EMAIL PROTECTED]>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.


Re: Association of Trustworthy Roots?

2005-01-16 Thread Eric Brunner-Williams in Portland Maine

Chris,

CORE was neither the losing nor the gaining registrar. Please acquire
context. 

Eric
IANA-439, and CORE-124


Re: Association of Trustworthy Roots?

2005-01-16 Thread Christopher L. Morrow


On Sun, 16 Jan 2005, William Allen Simpson wrote:

>
> While the Association of Trustworthy ISPs idea has some merit, we've
> not been too successful in self-organizing lately.  ISP/C?
>
> At the moment, I'm concerned whether we have trustworthy TLD operators.
>
> It's been about 24 hours, it is well-known that the domain has been
> hijacked, we've heard directly from the domain owner and operator,
> but the TLD servers are still pointing to the hijacker.

(this is kinda old since it seems the problem is being reversed, but...)

It's possible that the process which exists today to move and un-move
domains from registrar to registrar is in fact working. It's also possible
that changing that process based on 'size of the abused' is not looked
upon kindly by:
1) operators
2) icann
3) the world at large

I'm not sure what's happening with Melbourne IT (is anyone aside from Mr
Rosen and MIT?) I'm also not sure what's going on with Verisign, though I
assume Mr. Rosen and MIT do... If the proper process was started then
things look good, though unfortunately it may take some time to resolve
the problem. That process/procedure is in place for a good reason,
circumventing it will lead to problems in the long run. Do you circumvent
for MS, for AOL, for ATT? At what point do you draw the line? My home
business of pot painting?

A process that is equally applied across the board serves all folks
better. Fixing the current process to have faster, more complete reaction
times would certainly seem in order (and I'd expect Mr Rosen and several
others here to have something to say about that at the next ICANN
meeting?).

As to the perceived lack of progress by a Registrar, it does seem strange
that ICANN/Verisign/Core (I'm not sure which of the three really) don't
have some sort of 24/7 management, monitoring and operations
requirements built into registrar contracts. Perhaps they do and this will
be some leverage to revoke that contract?

-Chris


Re: Association of Trustworthy Roots?

2005-01-16 Thread gnulinux

On 16 Jan 2005 at 15:52, John Palmer (NANOG Acct) wrote:

> See http://www.public-root.com for an alternative to the ICANN monopoly.
> Those folks are very concerned with security.

these folks don't seem very decentralized.  do you 
know if they have a public mailing list?  there 
doesn't seem to be much information on the website.


> - Original Message - 
> From: <[EMAIL PROTECTED]>
> To: 
> Sent: Sunday, January 16, 2005 3:45 PM
> Subject: Re: Association of Trustworthy Roots?
> 
> 
> > 
> > On 16 Jan 2005 at 21:31, Elmar K. Bins wrote:
> > 
> > > [EMAIL PROTECTED] (William Allen Simpson) wrote:
> > > 
> > > > While the Association of Trustworthy ISPs idea has some merit, we've
> > > > not been too successful in self-organizing lately.  ISP/C?
> > > 
> > > I thought we already had built such a thing, currently covered by ICANN.
> > 
> > let's think outside the box.
> > 
> > there's no reason that nanog (or anyone willing to run 
> > a mailing list) couldn't create an ad hoc 
> > decentralized Trustworthy ISP/Root service.  heck, 
> > such a thing may even encourage more active 
> > participation in nanog.  having a shared group 
> > identity where the rubber meets the road is very 
> > powerful.  it's the underlying motivator behind the 
> > nanog, xBSD, GPL, torrent, tor, (pick your non-
> > hierarchical community driven project), etc. clans.
> > 
> > there's also no reason that this has to replace ICANN. 
> >  and it would likely have the exact result on existing 
> > entities that you mention below - improved 
> > trustworthiness.
> > 
> > 
> > peace
> > 
> > 
> > > But well...life changes everything, and for some (or many) of us, this
> > > association doesn't seem so trustworthy anymore. Maybe it would be better
> > > to improve trustworthiness of the existing authorities. I believe there
> > > is still much room for participation, not to mention political issues
> > > you simply cannot counter on a technical level.
> > > 
> > > 
> > > > At the moment, I'm concerned whether we have trustworthy TLD operators.
> > > 
> > > One can never know what's going on behind the scenes. Maybe Verysign
> > > is on the issue, maybe not. I believe, there are at least three VS
> > > people on this list who could address this. I don't know whether they
> > > are allowed to.
> > > 
> > > 
> > > > It's been about 24 hours, it is well-known that the domain has been
> > > > hijacked, we've heard directly from the domain owner and operator,
> > > > but the TLD servers are still pointing to the hijacker.
> > > 
> > > By chance - how is the press coverage of this incident? Has anybody
> > > read anything in the (online) papers? Unfortunately I haven't been
> > > able to follow the newsboards intensely this week-end, but Germany
> > > seems very quiet about this.
> > > 
> > > Yours,
> > > Elmar.


Re: Association of Trustworthy Roots?

2005-01-16 Thread John Palmer (NANOG Acct)

See http://www.public-root.com for an alternative to the ICANN monopoly.
Those folks are very concerned with security.

- Original Message - 
From: <[EMAIL PROTECTED]>
To: 
Sent: Sunday, January 16, 2005 3:45 PM
Subject: Re: Association of Trustworthy Roots?


> 
> On 16 Jan 2005 at 21:31, Elmar K. Bins wrote:
> 
> > [EMAIL PROTECTED] (William Allen Simpson) wrote:
> > 
> > > While the Association of Trustworthy ISPs idea has some merit, we've
> > > not been too successful in self-organizing lately.  ISP/C?
> > 
> > I thought we already had built such a thing, currently covered by ICANN.
> 
> let's think outside the box.
> 
> there's no reason that nanog (or anyone willing to run 
> a mailing list) couldn't create an ad hoc 
> decentralized Trustworthy ISP/Root service.  heck, 
> such a thing may even encourage more active 
> participation in nanog.  having a shared group 
> identity where the rubber meets the road is very 
> powerful.  it's the underlying motivator behind the 
> nanog, xBSD, GPL, torrent, tor, (pick your non-
> hierarchical community driven project), etc. clans.
> 
> there's also no reason that this has to replace ICANN. 
>  and it would likely have the exact result on existing 
> entities that you mention below - improved 
> trustworthiness.
> 
> 
> peace
> 
> 
> > But well...life changes everything, and for some (or many) of us, this
> > association doesn't seem so trustworthy anymore. Maybe it would be better
> > to improve trustworthiness of the existing authorities. I believe there
> > is still much room for participation, not to mention political issues
> > you simply cannot counter on a technical level.
> > 
> > 
> > > At the moment, I'm concerned whether we have trustworthy TLD operators.
> > 
> > One can never know what's going on behind the scenes. Maybe Verysign
> > is on the issue, maybe not. I believe, there are at least three VS
> > people on this list who could address this. I don't know whether they
> > are allowed to.
> > 
> > 
> > > It's been about 24 hours, it is well-known that the domain has been
> > > hijacked, we've heard directly from the domain owner and operator,
> > > but the TLD servers are still pointing to the hijacker.
> > 
> > By chance - how is the press coverage of this incident? Has anybody
> > read anything in the (online) papers? Unfortunately I haven't been
> > able to follow the newsboards intensely this week-end, but Germany
> > seems very quiet about this.
> > 
> > Yours,
> > Elmar.
> 
> 
> 
> 


Re: Association of Trustworthy Roots?

2005-01-16 Thread Eric Brunner-Williams in Portland Maine


It isn't just that the root operators are silent.

On the registrar's list there have been only five items on the subject.

1   Mark Jeftovic (easydns) who is on NANOG, copying the RC list.
2   Ross Rader (tucows) who is not, blowing it off,
no delta between authoritative and caching servers
3   Mark asking Ross if he's had coffee yet, and 
yes delta between authoritative and caching servers
4   Ross, yes he's had two cups and NANOG is a ton of mindless conjecture 
and pretty silly
5   Mark replies with panix.net's motd and ssl alert

That's it.

On the registry mailing list ... well, I'm not on the registry constituency
mailing list, I haven't been since I left NeuStar and .biz and .us (urk) and
.cn (fun), so I don't know, but my guess is the answer is somewhere near zero.

How about the IPC mailing list ... well, I never could get a group of
indigenous IPR experts admitted to the ICANN IPC, so since the Berlin
meeting I've not been on the IPC list, but again, knowing the actors  as
people, I'm going to buy an integer between -1 and +1.

So, after IPC and Registries and Registrars, where would anyone expect to
find a policy interest in the area, since ISP/C is wicked dead?

Eric


Re: Association of Trustworthy Roots?

2005-01-16 Thread gnulinux

On 16 Jan 2005 at 21:31, Elmar K. Bins wrote:

> [EMAIL PROTECTED] (William Allen Simpson) wrote:
> 
> > While the Association of Trustworthy ISPs idea has some merit, we've
> > not been too successful in self-organizing lately.  ISP/C?
> 
> I thought we already had built such a thing, currently covered by ICANN.

let's think outside the box.

there's no reason that nanog (or anyone willing to run 
a mailing list) couldn't create an ad hoc 
decentralized Trustworthy ISP/Root service.  heck, 
such a thing may even encourage more active 
participation in nanog.  having a shared group 
identity where the rubber meets the road is very 
powerful.  it's the underlying motivator behind the 
nanog, xBSD, GPL, torrent, tor, (pick your non-
hierarchical community driven project), etc. clans.

there's also no reason that this has to replace ICANN. 
 and it would likely have the exact result on existing 
entities that you mention below - improved 
trustworthiness.


peace


> But well...life changes everything, and for some (or many) of us, this
> association doesn't seem so trustworthy anymore. Maybe it would be better
> to improve trustworthiness of the existing authorities. I believe there
> is still much room for participation, not to mention political issues
> you simply cannot counter on a technical level.
> 
> 
> > At the moment, I'm concerned whether we have trustworthy TLD operators.
> 
> One can never know what's going on behind the scenes. Maybe Verysign
> is on the issue, maybe not. I believe, there are at least three VS
> people on this list who could address this. I don't know whether they
> are allowed to.
> 
> 
> > It's been about 24 hours, it is well-known that the domain has been
> > hijacked, we've heard directly from the domain owner and operator,
> > but the TLD servers are still pointing to the hijacker.
> 
> By chance - how is the press coverage of this incident? Has anybody
> read anything in the (online) papers? Unfortunately I haven't been
> able to follow the newsboards intensely this week-end, but Germany
> seems very quiet about this.
> 
> Yours,
>   Elmar.




Re: Association of Trustworthy Roots?

2005-01-16 Thread James Edwards

On Sun, 2005-01-16 at 13:31, Elmar K. Bins wrote:

> By chance - how is the press coverage of this incident? Has anybody
> read anything in the (online) papers? Unfortunately I haven't been
> able to follow the newsboards intensely this week-end, but Germany
> seems very quiet about this.
> 
> Yours,
>   Elmar.


slashdot has mentioned it, with lots of quotes from the NANOG list:

http://it.slashdot.org/it/05/01/16/0027213.shtml?tid=95&tid=172&tid=17

-- 
James H. Edwards
Routing and Security Administrator
At the Santa Fe Office: Internet at Cyber Mesa  
[EMAIL PROTECTED]
[EMAIL PROTECTED]
(505) 795-7101



Re: Association of Trustworthy Roots? (probably OT)

2005-01-16 Thread Tom Vest

On Jan 16, 2005, at 3:31 PM, Elmar K. Bins wrote:
> By chance - how is the press coverage of this incident? Has anybody
> read anything in the (online) papers? Unfortunately I haven't been
> able to follow the newsboards intensely this week-end, but Germany
> seems very quiet about this.

Nothing in the offline papers, but panix.com does appear once in print 
as the email home of business journalist and Newsweek "Wall Street" 
editor Allan Sloan, whose unflattering article about 
Cheney-Halliburton-asbestos appeared in the Washington Post on January 
11.

The article is here:
http://www.washingtonpost.com/wp-dyn/articles/A64535-2005Jan10.html
TV


Re: Association of Trustworthy Roots?

2005-01-16 Thread Elmar K. Bins

[EMAIL PROTECTED] (William Allen Simpson) wrote:

> While the Association of Trustworthy ISPs idea has some merit, we've
> not been too successful in self-organizing lately.  ISP/C?

I thought we already had built such a thing, currently covered by ICANN.
But well...life changes everything, and for some (or many) of us, this
association doesn't seem so trustworthy anymore. Maybe it would be better
to improve trustworthiness of the existing authorities. I believe there
is still much room for participation, not to mention political issues
you simply cannot counter on a technical level.


> At the moment, I'm concerned whether we have trustworthy TLD operators.

One can never know what's going on behind the scenes. Maybe Verysign
is on the issue, maybe not. I believe, there are at least three VS
people on this list who could address this. I don't know whether they
are allowed to.


> It's been about 24 hours, it is well-known that the domain has been
> hijacked, we've heard directly from the domain owner and operator,
> but the TLD servers are still pointing to the hijacker.

By chance - how is the press coverage of this incident? Has anybody
read anything in the (online) papers? Unfortunately I haven't been
able to follow the newsboards intensely this week-end, but Germany
seems very quiet about this.

Yours,
Elmar.



Association of Trustworthy Roots?

2005-01-16 Thread William Allen Simpson

While the Association of Trustworthy ISPs idea has some merit, we've
not been too successful in self-organizing lately.  ISP/C?

At the moment, I'm concerned whether we have trustworthy TLD operators.

It's been about 24 hours, it is well-known that the domain has been
hijacked, we've heard directly from the domain owner and operator,
but the TLD servers are still pointing to the hijacker.
--
William Allen Simpson
   Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
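
Added example, not part of any list member's post: a check for the two conditions this thread describes, TLD servers publishing a delegation the registrant did not expect, and caching resolvers diverging from the authoritative data. The domain, nameserver names and dig-style records are constructed sample data, and the status labels are this example's own.

```python
"""Compare a domain's delegation as published by the parent (TLD) servers and
as held by a caching resolver against the NS set the registrant expects.
All names and records here are constructed sample data."""

# NS set the registrant expects (constructed).
EXPECTED_NS = {"ns1.registrant.example", "ns2.registrant.example"}

# Constructed referral from a TLD server, dig-style presentation format.
PARENT_REFERRAL = """
;; AUTHORITY SECTION:
example.com.   172800  IN  NS  ns1.unexpected.example.
example.com.   172800  IN  NS  ns2.unexpected.example.
"""

# Constructed answer from a cache that simply follows the parent.
CACHE_FOLLOWING = """
;; ANSWER SECTION:
example.com.   86012  IN  NS  ns2.unexpected.example.
example.com.   86012  IN  NS  ns1.unexpected.example.
"""

# Constructed answer from a cache whose operator pinned the old delegation.
CACHE_PINNED = """
;; ANSWER SECTION:
example.com.   3600  IN  NS  NS1.registrant.example.
example.com.   3600  IN  NS  ns2.registrant.example.
"""


def normalize(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_ns(text, domain):
    """Return the set of NS targets for `domain` found in dig-style text."""
    wanted = normalize(domain)
    found = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip ';' comments
        # Expected shape: owner [ttl] [class] NS target
        if len(fields) < 3 or fields[-2].upper() != "NS":
            continue
        if normalize(fields[0]) == wanted:
            found.add(normalize(fields[-1]))
    return found


def classify(expected, parent, cache):
    """Label the relationship between expected, parent and cached NS sets."""
    if not parent or not cache:
        return "no-data"
    parent_ok = parent == expected
    cache_ok = cache == expected
    if parent_ok and cache_ok:
        return "coherent"
    if not parent_ok and cache == parent:
        # Parent publishes an unexpected delegation and the cache follows it.
        return "delegation-changed"
    if not parent_ok and cache_ok:
        # Cache serves the expected data while the parent publishes something
        # else: the cache-side incoherence described in this thread.
        return "cache-overrides-parent"
    if parent_ok:
        return "cache-diverged"
    return "mixed"


def check(domain, expected, parent_text, cache_text):
    """Parse both views and report status plus the differing names."""
    expected = {normalize(n) for n in expected}
    parent = parse_ns(parent_text, domain)
    cache = parse_ns(cache_text, domain)
    return {
        "status": classify(expected, parent, cache),
        "parent_unexpected": sorted(parent - expected),
        "parent_missing": sorted(expected - parent),
        "cache_differs_from_parent": parent != cache,
    }


if __name__ == "__main__":
    for label, cache_text in (("following", CACHE_FOLLOWING),
                              ("pinned", CACHE_PINNED)):
        print(label, check("example.com", EXPECTED_NS,
                           PARENT_REFERRAL, cache_text))
```

A registrant-side monitor would feed `check` the output of a non-recursive query to a TLD server and of a recursive query to each resolver of interest, and alert on any status other than `coherent`.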