On Wed, Sep 11, 2013 at 03:38:21PM -0400, Phillip Hallam-Baker wrote:
I disagree. DNSSEC is not just DNS: it's the only available, deployed, and
(mostly) accessible global PKI currently in existence which also includes a
constrained path of trust which follows already established business
On Thu, Sep 12, 2013 at 10:22:10AM -0400, Paul Wouters wrote:
Any coercing that happens has to be globally visible, if the target
ensures he is using random nameservers to query for data.
Not necessarily. First of all, an active attacker located close to
the target can simply replace the
On Thu, Sep 12, 2013 at 04:46:01PM +, Ted Lemon wrote:
The model for this sort of validation is really not on a per-client
basis, but rather depends on routine cross-validation by various
DNSSEC operators throughout the network. This will not necessarily
catch a really focused attack,
On Tue, Sep 10, 2013 at 05:47:55PM -0400, John R Levine wrote:
I think we're entering the tinfoil zone here. Comodo is one of the
largest CAs around, with their entire income depending on people
paying them to sign web and code certs because they are seen as
trustworthy.
You might want to
On Fri, Sep 06, 2013 at 11:39:59PM -0400, Phillip Hallam-Baker wrote:
For purposes of email security it is not about the keys at all. It is the
email addresses that are the real killer.
I can be very sure that I have the right key for ted.le...@nominum.com but
is that who I know as Ted
On Fri, Sep 06, 2013 at 03:26:42PM +0100, Tony Finch wrote:
Theodore Ts'o ty...@mit.edu wrote:
Speaking of which, Jim Gettys was trying to tell me yesterday that
BIND refuses to do DNSSEC lookups until the endpoint client has
generated a certificate.
That is wrong. DNSSEC validation
One thing that would be helpful is to encourage the use of
Diffie-Hellman everywhere. Even without certificates that can be
trusted, we can eliminate the ability of casual, dragnet-style
surveillance. Sure, an attacker can still do a MITM attack. But (a)
people who are more clueful can do
On Fri, Sep 06, 2013 at 06:20:48AM -0700, Pete Resnick wrote:
In email,
we insist that you authenticate the recipient's certificate before
we allow you to install it and to start encrypting, and prefer to
send things in the clear until that is done. That's silly and is
based on the
On Thu, Oct 25, 2012 at 01:19:26PM -0700, Tony Hain wrote:
Clearly the IAOC is inadequately staffed if one person missing for an
extended period is inhibiting their activities.
This is the part which really confuses me. Why is this such an urgent
matter?
The stated reason in the IAOC
On Mon, Oct 22, 2012 at 01:14:07PM -0400, Noel Chiappa wrote:
If this memorial wiki page could be open to anyone who ever contributed
to any I* and for whom there was at least one person who wanted to
contribute the information, then fine.
Then it turns into (effectively) a
On Mon, Oct 22, 2012 at 03:03:58PM -0400, Noel Chiappa wrote:
But I still feel a mild level of need for a IETF HoF to recognize, and keep
prominent (for new members) the memory of past IETFers whose contributions
are worthy of recognition, but who probably don't rise to the level needed
for
A while back, someone shared (I think on the IETF list) a little quick
javascript hack that when loaded into the browser, would display a
countdown timer of the remaining amount of time that the speaker had to
speak, and when the speaker started to go over, the mm:ss numbers
started counting
On Tue, Apr 18, 2006 at 03:45:17PM -0400, Keith Moore wrote:
not in my recollection. It's been awhile, but I recall pathalias being
used to do source routing - given a hostname, to specify a complete
path to that host. (I also recall it sometimes being used to do
rerouting - discarding the
On Tue, Apr 18, 2006 at 11:42:27AM -0400, Keith Moore wrote:
It smells remarkably like pathalias to me ;-)
except that I'm not proposing that border routers do source routing,
just that they map from PI identifiers to PA locators and prepend a
header that causes the payload to be routed to
On Fri, Mar 31, 2006 at 05:36:30AM +0200, Anthony G. Atkielski wrote:
More bogus math. Every time someone tries to compute capacity, he
looks at the address space in terms of powers of two. Every time
someone tries to allocate address space, he looks at the address space
in terms of a string
On Tue, Jan 31, 2006 at 09:31:08PM -0500, Sam Hartman wrote:
Harald I do not want the IETF to craft rules for X, and then
Harald re-craft them for Y, Z and W because hastily crafted
Harald rules did not fit the next situation to come along. I want
Harald the rules to be
On Thu, Jan 26, 2006 at 05:16:59PM +0100, Anthony G. Atkielski wrote:
Brian E Carpenter writes:
Exactly. If a WG group is discussing a dozen separate issues in parallel,
an active participant can easily send several dozen *constructive*
messages in a day. Our problem with disruptive
On Mon, Jan 23, 2006 at 04:36:11PM +0100, Anthony G. Atkielski wrote:
Filtering him out individually, as I do, is insufficient: one still must
read the polite or exasperated responses of others. I am almost at the
point where I will filter any posting that so much as *mentions* him.
Why
On Tue, Jan 10, 2006 at 08:09:10AM -0500, Brian Rosen wrote:
It's trivial for a human, but not for a computer.
Many things trivial for humans are not trivial for computers.
The kind of harvesting you are talking about is trivial for a human from any
format as long as your editor can paste
On Mon, Jan 09, 2006 at 12:57:56PM -0500, Gray, Eric wrote:
Usually, before you can actually seek consensus, you must have an
essentially binary choice. It is hard enough to reach consensus
on simple choices without turning up the process noise by having a
plethora of possible choices.
I
On Tue, Jan 03, 2006 at 02:59:34PM -0500, John C Klensin wrote:
(2) Development of a converter between the MS-XML output
of Word Pro 2003 and the XML input of RFC 2629bis so
that xml2rfc and its friends could take responsibility
for final formatting. Note that, if the
On Wed, Jan 04, 2006 at 12:45:40PM -0500, Gray, Eric wrote:
Ted,
If that happens, don't you think that we would be
obliged to object to their claims?
IMO, such claims would be easily defeated on the
same basis as most look & feel claims have been beaten
in the past. In fact,
On Fri, Nov 18, 2005 at 10:53:39PM -0800, Ole Jacobsen wrote:
Ten years ago, MCI hosted the IETF in Dallas. Someone thought it would
be a nice idea to give every attendee an MCI card that would be good for
free calls to anywhere in the world during the IETF week.
Of course, the IETF
On Tue, Oct 18, 2005 at 12:52:29PM +0200, Eliot Lear wrote:
We have in my opinion had a consistently low operator turnout. I wonder
if it would be possible for us to align our conference dates in such a
way as to overlap with NANOG, RIPE, USENIX, LISA, and other appropriate
conferences
On Thu, Sep 29, 2005 at 06:00:18PM -0700, Nick Staff wrote:
2) Unless discussion of the decisions of the netiquette
committee, during the committee is considering a request, and
after the committee has rendered a decision, is ruled out of
scope, it's not going to help the very long
On Tue, Sep 27, 2005 at 06:47:36PM -0700, Nick Staff wrote:
2. An IETF netiquette committee, to offload list banning
procedures from the IESG.
I'm a big fan of the netiquette committee. I'd like to suggest that
volunteers be allowed to throw their names into the hat and that members
be
On Thu, Aug 25, 2005 at 09:25:29PM +0200, Stephane Bortzmeyer wrote:
If the IESG were to refuse to publish the Sender-ID document as it is,
it would not police everything: anyone can still do what he wants on
the Internet.
The only thing that the IETF can do is to bless or not the document,
On Tue, Aug 09, 2005 at 02:00:04PM -0700, Dave Crocker wrote:
So, Ted, please forgive me for using your posting to note a pattern,
but I'm sufficiently tired of the very regular and usually
hyperbole-filled pattern of misreading that happens in this realm,
so that I feel the need to take
On Tue, Aug 09, 2005 at 03:41:42PM -0500, Spencer Dawkins wrote:
Hi, Ted,
(offlist) - the current NOMCOM chair posted to the IETF list that for
two AD positions this cycle, there were only two candidates, and for a
third position, there were only three.
Are you saying that we may not be
On Mon, Aug 01, 2005 at 12:42:30PM -0400, Eric Rosen wrote:
the normal process for AD replacement involved choosing which of the
people who had worked with the AD for a long time could do the job this
time,
In American vernacular, this procedure is known as cronyism.
On Tue, Jul 05, 2005 at 07:02:11AM -0500, Spencer Dawkins wrote:
Oh, great...
As Harald noted, draft-klensin-iana-reg-policy is pretty prescriptive
about saying that if we're in conservation mode for a registry, we
also need to be in evasive-action mode (how do we get more room in
this
On Fri, Jul 01, 2005 at 01:02:29AM -0400, Ken Carlberg wrote:
My view is that your impression of the reaction is incorrect. in
taking the position that respondents can be classified as either:
a) being satisfied with the IESG *decision*, b) dissatisfied or
uncomfortable with the decision,
On Fri, Jul 01, 2005 at 07:20:37PM +0700, Robert Elz wrote:
I do not agree. To me, everything in 2434 is talking about what level
of documentation should be required to register a parameter (code point,
whatever you want to call it) via the IANA. The IESG approval
section contains
On Sat, Jul 02, 2005 at 01:18:31AM +0700, Robert Elz wrote:
Date:Fri, 1 Jul 2005 11:39:05 -0400
From:Margaret Wasserman [EMAIL PROTECTED]
No, I didn't say that at all, ever. What I said was that the IESG should
have determined whether there was adequate
On Fri, Jul 01, 2005 at 11:07:47PM +0200, JFC (Jefsey) Morfin wrote:
The list of satisfied is of no real interest. The list of dissatisfied
seems important enough to say there is no consensus.
No IETF consensus is required to accept or deny a registration for the
registry in question under the
I agree with all of Joel's points, below, and add the following comments.
The fundamental philosophical assumption made by
draft-klensin-iana-reg-policy-00.txt goes too far is that registration
of code points is always a good thing, and it is never bad thing to
reserve a code point in the
On Thu, Jun 30, 2005 at 01:48:03AM -0400, Dean Anderson wrote:
Since when are _true_ facts about liars on a subject (open relays)
discussed in an IETF RFC, egregious? Is it against list policy to assert
that the IETF should be honest, and not associate with liars? I missed
that part.
On Mon, Jun 27, 2005 at 09:08:44AM -0700, Dave Crocker wrote:
Brian E Carpenter wrote:
I read it as a statement of fact. I could reasonably
rule it irrelevant and ask Harald not to repeat it.
I thought we also had a mechanism for taking action against posters who
violate list policy
On Mon, Jun 27, 2005 at 11:32:15AM -0700, Dave Crocker wrote:
As one of the IETF list's sergeant at arms, I certainly don't see
Harald's one-time, single line posting as being egregious in any shape
or form. I also didn't see it as a personal attack.
sorry for the badly written note. i was
On Sun, Jan 02, 2005 at 10:33:37AM -0800, Glen Zorn (gwz) wrote:
BTW, how much worse are the Minneapolis temperatures in march vs
those in november?
Let's not go there: for some reason the powers-that-be have decided
that it's a great idea to gather at least once if not twice a year
in a
On Sun, Sep 12, 2004 at 03:03:02PM -0700, Joe Touch wrote:
Even the IETF distinguishes between normative refs and non-normative
(though it has a penchant for wanting to redefine those words too).
Private correspondence is not citable as a normative ref, nor are
(currently) IDs.
Put
On Mon, Jan 12, 2004 at 02:57:45PM -0500, Nathaniel Borenstein wrote:
Pardon me if I'm missing something obvious here, but couldn't one just
use either XMPP or Simple for presence, associate your server name
with a Jabber/Simple ID, and automatically have your server findable
via these
On Wed, Jan 14, 2004 at 08:43:58AM -0800, Fred Baker wrote:
It seems to me that there is a better approach to the above, at least in
the context of the above. If the tombstone is literally as described, it
would be far more space/search/etc efficient for us to have the tombstone
consist
On Fri, Jan 09, 2004 at 06:45:57PM -, Sabahattin Gucukoglu wrote:
On 9 Jan 2004 at 9:18, Harald Tveit Alvestrand [EMAIL PROTECTED] spoke, thus:
Why doesn't your friend use ETRN to trigger delivery of his queued mail
from his mate whenever he gets online?
He doesn't want his mate
On Thu, Dec 11, 2003 at 01:05:15PM -0800, Sally Floyd wrote:
A work-around for maintaining connectivity in the face of the broken
equipment was described in [Floyd00], and has been specified in RFC
3168 as a procedure that may be included in TCP implementations.
...
Some TCP
On Fri, Dec 12, 2003 at 09:01:09PM +0100, Anthony G. Atkielski wrote:
The problem is that RFC 3168 postdates all the RFCs that came before it,
and when something needs to be compatible with real-world systems that
are not all instantly and simultaneously upgraded, it needs to behave in
a way
On Fri, Dec 12, 2003 at 08:22:16AM +1200, Franck Martin wrote:
I cannot believe it !
I raised this thing to ISOC more than a year ago!!! I told them in
person at INET in Washington too...
They haven't done a damn thing since...
If you look on the Internet there is a list of
On Thu, Dec 11, 2003 at 09:06:06PM +0100, Anthony G. Atkielski wrote:
I also don't see why a firewall would drop packets just because reserved
bits are set, although I can see why it might be a configurable option
for the most paranoid users.
There are a lot of really dumb, dumb, dumb firewall
On Thu, Dec 11, 2003 at 10:10:44PM +0100, Anthony G. Atkielski wrote:
The dumb authors, I think, are those who built Linux implementations
that doggedly attempt to negotiate ECN and are unprepared for cases
where it does not work, even though it's unreasonable to assume that the
entire world
Just as a whimsical notion would it be possible to, ah, invite
some of the 802.11* wireless committees to have a colocated meeting
with the IETF at some point in the future? We could dangle the offer
of free wireless networking, plus an offer for them to see what a
real-life, large-scale
On Wed, Nov 19, 2003 at 11:26:30AM -0500, Brett Thorson wrote:
10% of the community using a wireless NIC was operating in ad-hoc or AP mode
at some point during the meeting.
Would it be possible to publish a list of MAC addresses that were
operating in ad-hoc or AP mode? If all of the
On Fri, Nov 14, 2003 at 03:51:34PM +0100, Roland Bless wrote:
You're lucky that your driver and card support this.
I don't know if there's a way to make this work for those cards where
the ap selection is done in firmware.
Unfortunately, the driver for my Lucent card doesn't support
On Thu, Nov 13, 2003 at 09:33:30PM -0500, Andrew Partan wrote:
Another suggestion - it would have been real useful if the software
on my laptop could have been told to ignore some APs (or some other
laptops pretending to be APs), or to only listen to this other set
of APs. White/black
Once again, we will be holding a PGP Key signing party at the IETF
meeting in Minneapolis. We have been scheduled to meet at 10:30pm on
the evening of Wednesday, November 12, 2003 in the Rochester room.
(Note that if the IETF Administration Plenary runs over, we will start
approximately 5
On Thu, Jun 19, 2003 at 07:49:14AM -0400, J. Noel Chiappa wrote:
My take is that NAT's respond to several flaws in the IPv4 architecture:
- 1) Not enough addresses - this being the one that brought them into
existence.
- 1a) Local allocation of addresses - a variant of the preceding
On Thu, Jun 19, 2003 at 11:10:03AM -0700, Eric Rescorla wrote:
Users aren't physically handcuffed to their Internet connections.
They have choices as to who to purchase connectivity from. Those
users, if they chose, could purchase connectivity with static IP
addresses and no NAT. They by and
On Sat, Jun 07, 2003 at 07:28:12AM -0700, Dave Crocker wrote:
Tony,
TH I would like to see the outcome of a bof be identification of an
TH approach to globally verifiable authenticated email. I have no doubt
TH there will be many gaps in our current tool set (starting with a
TH deployable
On Wed, Jun 04, 2003 at 02:55:29PM +0300, Jari Arkko wrote:
I don't have a good suggestion on how to resolve this, however.
Perhaps the lowest common denominator is still a big enough
deterrent? Note that help from a network entity is not likely to
solve this problem. Think about it: the average
On Wed, Jun 04, 2003 at 09:02:57AM +0300, Jari Arkko wrote:
Without trust roots, webs of trust, or additional
mailing list daemon features, signed e-mail doesn't
really add anything, at least not now.
Signed e-mail could help ensure that e-mail
sent to a list comes from the same person
On Wed, May 28, 2003 at 11:56:53AM -0700, Peter Deutsch wrote:
Concepts such as Hashcash or other payment-oriented systems, in which
you try to impose a cost on the sender to screen out bulk mailers, are
interesting enough, but I think they're addressing the wrong problem.
I've personally come
Once again, we will be holding a PGP Key signing party at the IETF
meeting in San Francisco. We have been scheduled to meet at 10:30pm
on the evening of Wednesday, March 19, 2003 in Continental 8/9. (Note
that if the IESG Open Plenary runs over, we will start approximately 5
minutes *after* the
On Sat, Mar 15, 2003 at 11:46:12AM -0800, Harald Tveit Alvestrand wrote:
We usually expect higher costs outside North America - London was even more
expensive than Yokohama.
Speaking from a purely extremely selfish point of view, as a North
American, how much would it help if we were to cut
On Thu, Feb 13, 2003 at 10:33:58PM -0800, Randy Bush wrote:
i have used jabber in ietf meetings and similar contexts. it works
to coordinate stuff in real-time. but that was not my application
this time. i really was after the as much content of the meeting
as possible. to do that well in
For those of you who are in the Boston area, the following
presentation might be of interest, given recent discussions about
methods of combating SPAM. It is hosted by the MIT Laboratory for
Computer Science's Applied Security Reading Group.
- Ted
On Mon, Dec 09, 2002 at 07:12:44PM -0500, Michael StJohns wrote:
a) Sunset the area with a final decision point as 12/31/2003 and a closing
date of 03/01/2004. No further WGs will be chartered in this area.
b) Ask the Nomcom to appoint 1 area director not from the current set of
ADs for a
Once again, we will be holding a PGP Key signing party at the IETF
meeting in Atlanta. We have been scheduled to meet at 10:30pm on the
evening of Wednesday, November 20, 2002. (Note that if the IAB Open
Plenary runs over, we will start approximately 5 minutes *after* the
IAB Open Plenary
On Wed, Jul 24, 2002 at 10:32:22AM +0200, Brian E Carpenter wrote:
The issue here is that there is a MAY in RFC 3168 that IMHO should
be a SHOULD. That's the first MAY in section 6.1.1.1. If your ECN
code implemented that MAY, you would not have seen a problem.
Nope, not true. The
On Thu, May 30, 2002 at 11:13:24PM -0500, Dave Crocker wrote:
To underscore the point that Marshall has been making:
The IETF has a strong preference to use unencumbered technologies. When
there is a choice between encumbered and unencumbered, the working group
includes encumbrance into
Once again, we will be holding a PGP Key signing party at the IETF
meeting in Minneapolis. We have been scheduled to meet at 10:30pm on
the evening of Wednesday, March 20, 2002. The procedure we will use is
the following:
o People who wish to participate should email an ASCII extract of their
[EMAIL PROTECTED]
Non-voting members:
Theodore Ts'o [EMAIL PROTECTED] (nomcom chair)
Bernard Aboba [EMAIL PROTECTED] (previous nomcom chair)
Fred Baker [EMAIL PROTECTED] (IAB liaison)
Thomas Narten [EMAIL PROTECTED] (IESG liaison)
The role of non-voting members (from RFC 2727)
The nominations