Sure - but what was being discussed in this thread was transparent / on the
fly rewrites of root server responses getting exposed to people beyond
china.
Whether these responses should be altered / censored within china or not is
a different can of worms, and that too has nothing at all to do with
On Mon, 03 Oct 2011 11:29:43 +0530, Suresh Ramasubramanian said:
> 120K domains - basically cnnic seems to have finally got tired of russian
No, I think Randy was referring to this sort of thing:
http://www.theregister.co.uk/2011/02/18/fed_domain_seizure_slammed/
pgpZ8g15XRvjK.pgp
Description:
120K domains - basically cnnic seems to have finally got tired of russian
botmaster types registering thousands of domains at a time, and put in a
rule that says you need business registration in China / ID in china to
register a .cn
Beyond that, that's one ccTLD - however large. There are multi
china nukes 120,000 domains for going against the policy of the state.
oops! that wasn't china, was it?
perhaps, we should postpone telling others what to do until our side of
the street is clean?
randy
On Sun, Oct 2, 2011 at 10:11 PM, Jay Ashworth wrote:
>> DNSSEC should help this issue dramatically. This however could be problematic
>> if the Chinese govt (or any repressive regime) decides to ban the use of
>> technology that allows a user to identify when they're being repressed.
> We won't be
On Sun, Oct 2, 2011 at 11:11 PM, Jay Ashworth wrote:
> - Original Message -
>> From: "Valdis Kletnieks"
>
>> DNSSEC should help this issue dramatically. This however could be problematic
>> if the Chinese govt (or any repressive regime) decides to ban the use of
>> technology that allows
- Original Message -
> From: "Valdis Kletnieks"
> DNSSEC should help this issue dramatically. This however could be problematic
> if the Chinese govt (or any repressive regime) decides to ban the use of
> technology that allows a user to identify when they're being repressed.
We won't be
In a message written on Sun, Oct 02, 2011 at 05:30:37PM -0400, Todd Underwood
wrote:
> i guess my questions now are:
>
> 1) how long was this happening?
> 2) can any root server operator who serves data inside of china verify
> that the data that they serve have not been rewritten by the great
>
On 10/2/11 15:43 , Joel jaeggli wrote:
> On 10/2/11 15:25 , Jimmy Hess wrote:
>> On Sun, Oct 2, 2011 at 4:53 PM, wrote:
>>> On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said:
I'm not sure why lack of TLS is considered to be problem with Facebook.
The man in the middle is the other s
On 10/2/11 15:25 , Jimmy Hess wrote:
> On Sun, Oct 2, 2011 at 4:53 PM, wrote:
>> On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said:
>>> I'm not sure why lack of TLS is considered to be problem with Facebook.
>>> The man in the middle is the other side of the connection, tls or otherwise.
>> O
On Sun, Oct 2, 2011 at 4:53 PM, wrote:
> On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said:
>> I'm not sure why lack of TLS is considered to be problem with Facebook.
>> The man in the middle is the other side of the connection, tls or otherwise.
> Ooh.. subtle. :)
Man in the Middle (MITM) i
valdis, all,
On Sun, Oct 2, 2011 at 6:02 PM, wrote:
> On Sun, 02 Oct 2011 17:30:37 EDT, Todd Underwood said:
>
>> 2) can any root server operator who serves data inside of china verify
>> that the data that they serve have not been rewritten by the great
>> firewall?
>
> DNSSEC should help this
On Sun, 02 Oct 2011 12:08:35 PDT, Leo Bicknell said:
> ISC has verified our PEK2 route was being leaked further than
> intended, and for the moment we have pulled the route until we can
> get confirmation from our partners that the problem has been resolved.
So Leo - you don't have to give us a f
On Sun, 02 Oct 2011 17:30:37 EDT, Todd Underwood said:
> 2) can any root server operator who serves data inside of china verify
> that the data that they serve have not been rewritten by the great
> firewall?
DNSSEC should help this issue dramatically. This however could be problematic
if the Ch
On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said:
> I'm not sure why lack of TLS is considered to be problem with Facebook.
> The man in the middle is the other side of the connection, tls or otherwise.
Ooh.. subtle. :)
pgpOeyIJAJoCA.pgp
Description: PGP signature
leo, all,
in the past, name servers that operated inside of china were subject
to arbitrary rewriting or blocking of their results by the Great
Firewall.
this is obviously bad for Chinese citizens but it's *dramatically*
worse for people outside of china who end up reaching a root server in
china
In a message written on Sun, Oct 02, 2011 at 05:40:23PM +, Janne Snabb
wrote:
> I happened to notice the following at three separate sites around
> the US and one site in Europe:
ISC has verified our PEK2 route was being leaked further than
intended, and for the moment we have pulled the rout
On Sun, 2 Oct 2011 17:40:23 + (UTC), Janne Snabb wrote
> I happened to notice the following at three separate sites around
> the US and one site in Europe:
Getting palo alto from east coast.
3 10gigabitethernet1-2.core1.atl1.he.net (2001:470:0:1b5::2) 8.166 ms
8.135 ms 8.103 ms
4 20
I see similar, intermittedly
# dig +short +norec @F.ROOT-SERVERS.NET HOSTNAME.BIND CHAOS TXT
"pek2a.f.root-servers.org"
# dig +short +norec @F.ROOT-SERVERS.NET HOSTNAME.BIND CHAOS TXT
"ord1b.f.root-servers.org"
On Sun, Oct 2, 2011 at 12:40 PM, Janne Snabb wrote:
> I happened to notice the
William Allen Simpson wrote:
On 10/2/11 12:36 PM, Jimmy Hess wrote:
On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote:
I'm not sure why lack of TLS is considered to be problem with Facebook.
The man in the middle is the other side of the connection, tls or
otherwise.
That's where the X5
Can not reach Centurylink/qwest from time Warner.
I happened to notice the following at three separate sites around
the US and one site in Europe:
$ dig +short +norec @F.ROOT-SERVERS.NET HOSTNAME.BIND CHAOS TXT
"pek2a.f.root-servers.org"
and:
$ dig +short +norec @F.ROOT-SERVERS.NET HOSTNAME.BIND CHAOS TXT
"pek2b.f.root-servers.org"
After runni
On 10/2/11 12:36 PM, Jimmy Hess wrote:
On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote:
I'm not sure why lack of TLS is considered to be problem with Facebook.
The man in the middle is the other side of the connection, tls or otherwise.
That's where the X509 certificate comes in. A ma
On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote:
> I'm not sure why lack of TLS is considered to be problem with Facebook.
> The man in the middle is the other side of the connection, tls or otherwise.
That's where the X509 certificate comes in. A man in the middle
would not have the prop
William Allen Simpson wrote:
In accord with the recent thread, "facebook spying on us?"
We should also worry about other spying on us. Without
some sort of rudimentary security, all that personally
identifiable information is exposed on our ISP networks,
over WiFi, etc.
Facebook claims to be a
> Data Center Knowledge posted about 20 minutes of very poorly shot
> video of Prineville. They're Open Compute servers in 'triplet' racks.
[...]
> Their power supply (also open) runs across 2 legs of a 277/480 3-phase
> feed, which is usually what the substation supplies to your PDUs,
> which ste
26 matches
Mail list logo