change
once SCTP's advantages become increasingly apparent with the rise of
data rates and desires for greater resiliency and security.
Regards,
Douglas Otis
the IETF hampered progress in
this area. Why band-aid on a solved problem?
Regards,
Douglas Otis
On 6/25/12 10:17 AM, Christopher Morrow wrote:
On Mon, Jun 25, 2012 at 1:09 PM, Douglas Otis
do...@mail-abuse.org wrote:
On 6/25/12 7:54 AM, Owen DeLong wrote:
It would have been better if IETF had actually solved this
instead of punting on it when developing IPv6.
Dear Owen,
The IETF
On 6/25/12 12:20 PM, William Herrin wrote:
On Mon, Jun 25, 2012 at 1:09 PM, Douglas Otis
do...@mail-abuse.org wrote:
On 6/25/12 7:54 AM, Owen DeLong wrote:
It would have been better if IETF had actually solved this
instead of punting on it when developing IPv6.
The IETF offered a HA
On 4/18/12 8:09 PM, Steven Bellovin wrote:
On Apr 18, 2012, at 5:55 32PM, Douglas Otis wrote:
Dear Jeroen,
In the work that led up to RFC3309, many of the errors found on the
Internet pertained to single interface bits, and not single data
bits. Working at a large chip manufacturer
to find
memory designs lacking internal error detection logic.
Regards,
Douglas Otis
On 1/26/12 7:35 AM, Cameron Byrne wrote:
1. You don't want to disclose what addresses you are using on your
internal network, including to the rir
2. You require or desire an address plan that your rir may consider
wasteful.
3. You don't want to talk to an rir for a variety of personal or
On 10/25/11 12:31 PM, Ricky Beam wrote:
On Tue, 25 Oct 2011 12:55:58 -0400, Owen DeLong o...@delong.com
wrote:
Wouldn't the right place for that form of rejection to occur be at
the mail server in question?
In a perfect world, yes. When you find a perfect world, send us an
invite.
I
On 10/6/11 7:26 PM, Paul Graydon wrote:
On 10/6/2011 4:02 PM, Wayne E Bouchard wrote:
In some circles, he's being compared to Thomas Edison. Apply your own
opinion there whether you feel that's accurate or not. I'll just state
this: Both men were pasionate about what they did. They each changed
On 9/1/11 11:52 AM, Cameron Byrne wrote:
On Thu, Sep 1, 2011 at 11:36 AM, Serge Vautoursergevaut...@yahoo.ca wrote:
Hello,
Things I understand: IPv6 is the long term solution to IPv4 exhaustion. For IPv6 to
work correctly, most of the IPv4 content has to be on IPv6. That's not there yet.
On 8/12/11 8:29 AM, Jeff Wheeler wrote:
I thought I'd chime in from my perspective, being the head router
jockey for a bunch of relatively small networks. I still find that
many routers have support for OSPF but not IS-IS. That, plus the fact
that most of these networks were based on OSPF
On 3/14/11 9:11 AM, William Allen Simpson wrote:
On 3/13/11 9:35 PM, goe...@anime.net wrote:
the real cesspool is POC registries. i wish arin would start revoking
allocations for entities with invalid POCs.
Hear, hear!
Leo's remembering the old days (80s - early '90s), when we checked
On 2/16/11 10:57 PM, Joe Abley wrote:
On 2011-02-16, at 02:44, Douglas Otis wrote:
Routers indicate local MTUs, but minimum MTUs are not assured to have 1280
octets when IPv4 translation is involved.
See Section 5 in rfc2460.
I've heard that interpretation of 2460 before from Bill Manning
On 2/15/11 11:09 PM, Joe Abley wrote:
On 2011-02-14, at 21:41, William Herrin wrote:
On Mon, Feb 14, 2011 at 7:24 PM, TR Shawts...@oitc.com wrote:
Just wondering what this community thinks of NIST in
general and their SP800-119 (
On 1/25/11 6:00 PM, Fernando Gont wrote:
On 24/01/2011 08:42 p.m., Douglas Otis wrote:
It seems efforts related to IP address specific policies are likely
doomed by the sheer size of the address space, and to be pedantic, ARP
has been replaced with multicast neighbor discovery which
On 1/24/11 11:04 AM, bmann...@vacation.karoshi.com wrote:
well... you are correct - he did say shorter. me - i'd hollar for my good
friends Fred and Radia (helped w/ the old vitalink mess) on the best way to
manage an arp storm and/or cam table of a /64 of MAC addresses. :) It was
hard
On 1/15/11 3:24 PM, Brandon Ross wrote:
On Sat, 15 Jan 2011, Owen DeLong wrote:
I really doubt this will be the case in IPv6.
I really hope you are right, because I don't want to see that either,
however...
Why do you suppose they did that before with IPv4? Sure you can make
the argument
On 1/14/11 11:49 AM, Jack Bates wrote:
On 1/14/2011 1:43 PM, Owen DeLong wrote:
Ah, but, the point here is that NAT actually serves as an enabling
technology for part of the attack he is describing. Another example
where NAT can and is a security negative. The fact that you refuse
to
On 1/14/11 4:10 PM, William Herrin wrote:
On Fri, Jan 14, 2011 at 2:43 PM, Owen DeLongo...@delong.com wrote:
Ah, but, the point here is that NAT actually serves as an enabling
technology for part of the attack he is describing.
As for strictly passive attacks, like the so-called drive by
On 1/13/11 5:48 PM, William Herrin wrote:
On Wed, Jan 12, 2011 at 10:02 PM, Mark Andrewsma...@isc.org wrote:
In messageaanlktikixf_mbuo-oskpjsw98vn5_d5wznui_pl37...@mail.gmail.com,
William
Herrin writes:
There's actually a large difference between something that's
impossible for a
On 12/14/10 2:38 PM, Richard A Steenbergen wrote:
On Tue, Dec 14, 2010 at 03:39:07PM -0600, Aaron Wendel wrote:
To what end? And who's calling the shots there these days? Comcast
has been nothing but shady for the last couple years. Spoofing
resets, The L3 issue, etc. What's the
On 11/29/10 1:18 PM, Jack Bates wrote:
On 11/29/2010 1:10 PM, John Kristoff wrote:
In a nutshell, as I recall, one of the prime motivating factors for
not standardizing jumbos was interoperability issues with the
installed base, which penalizes other parts of the network (e.g.
routers
On 10/4/10 6:55 PM, Kevin Stange wrote:
The most common situation where another host sends on your domain's
behalf is a forwarding MTA, such as NANOG's mailing list. A lot of MTAs
will only trust that the final MTA handling the message is a source
host. In the case of a mailing list, that's
On 10/4/10 12:47 PM, Greg Whynott wrote:
A partner had a security audit done on their site. The report said they were
at risk of a DoS due to the fact they didn't have a SPF record.
I commented to his team that the SPF idea has yet to see anything near mass
deployment and of the millions of
On 5/20/10 4:08 PM, Jeroen van Aart wrote:
James Bensley wrote:
Got the below message back from Hotmail when emailing a friend I email
every week. I have never experienced this particular error before, is
this just an indication of high traffic between Google Mail and
Hotmail?
Yes, high
On 3/29/10 12:06 PM, Tarig Yassin wrote:
Hi Jul
Dkim, SPF, and Domainkey are sender authentication methods for email system.
Which use Public Key Cryptography.
DKIM and Domainkeys use public key cryptography to authenticate
signature sources used for signing at least email From headers
On 12/17/09 4:54 AM, Tony Finch wrote:
On Wed, 16 Dec 2009, Douglas Otis wrote:
To avoid server access and hitting roots:
host-1.example.com. IN A 192.0.2.0
host-10.example.com. IN A 192.0.2.9
example.com.IN MX 0 host-1.example.com.
example.com.IN MX 90 host-10.example.com
On 12/16/09 3:59 AM, Tony Finch wrote:
On Wed, 16 Dec 2009, Mark Andrews wrote:
Douglas Otis wrote:
One might instead consider using:
example.com.IN MX 0 192.0.2.0
IN MX 10 192.0.2.1
...
IN MX 90 192.0.2.9
Which
On 12/16/09 4:48 PM, Paul Vixie wrote:
Douglas Otisdo...@mail-abuse.org writes:
If MX TEST-NET became common, legitimate email handlers unable to
validate messages prior to acceptance might find their server
resource constrained when bouncing a large amount of spam as well.
none of this
On 12/15/09 8:06 AM, Andy Davidson wrote:
Eric J Esslinger wrote:
I have a domain that exists solely to cname A records to another domain's
websites.
[...]
I found a reference to a null MX proposal, constructed so:
example.comINMX 0 .
[...]
Question: Is this a valid dns construct
On Dec 7, 2009, at 9:51 AM, Michael Holstein wrote:
The problem we face is that some people we work with can't do that
Then explain that client-side (their users, to whom they send mail) are
probably using Hotmail, et.al. and SPF will simply not allow spoofing which
is what they want
On 9/13/09 12:49 PM, joel jaeggli wrote:
Frank Bulk wrote:
[]
If anything, there's more of a disincentive than ever before for
ARIN to spend time on netblock sanitization.
This whole thread seems to be about shifting (I.E. by externalizing)
the costs of remediation. presumably the entities
This was responded to on the DNSEXT mailing list.
Sorry, but your question was accidentally attributed to Paul who
forwarded the message.
DNSEXT Archive: http://ops.ietf.org/lists/namedroppers/
-Doug
On 8/5/09 7:05 PM, Naveen Nathan wrote:
On Wed, Aug 05, 2009 at 09:17:01PM -0400, John R. Levine wrote:
...
It seems to me that the situation is no worse than DNSSEC, since in both
cases the software at each hop needs to be aware of the security stuff, or
you fall back to plain unsigned DNS.
On 8/5/09 9:48 AM, John Levine wrote:
Other than DNSSEC, I'm aware of these relatively simple hacks to add
entropy to DNS queries.
1) Random query ID
2) Random source port
3) Random case in queries, e.g. GooGLe.CoM
4) Ask twice (with different values for the first three hacks) and
compare
On 8/5/09 11:38 AM, Skywing wrote:
That is, of course, assuming that SCTP implementations someday clean up their act a bit.
I'm not so sure I'd suggest that they're really ready for prime time at this
point.
SCTP DNS would be intended for ISPs validating DNS where there would be
fewer
On 8/5/09 11:31 AM, Roland Dobbins wrote:
On Aug 6, 2009, at 1:12 AM, Douglas Otis wrote:
Having major providers support the SCTP option will mitigate disruptions caused
by DNS DDoS attacks using less resources.
Can you elaborate on this (or are you referring to removing the spoofing
On 8/5/09 2:49 PM, Christopher Morrow wrote:
and state-management seems like it won't be too much of a problem on
that dns server... wait, yes it will.
DNSSEC UDP will likely become problematic. This might be due to
reflected attacks, fragmentation related congestion, or packet loss.
When
On Aug 12, 2007, at 6:41 AM, John Levine wrote:
The problems with domain tasting more affect web users, with vast
number of typosquat parking pages flickering in and out of existence.
Domain tasting clearly affects assessments based upon domains. With
millions added and removed daily as
On May 24, 2007, at 10:45 PM, John Levine wrote:
I ask you: What would you suggest? It's quite hard to craft
technical solutions to policy failures.
Since the registrar business has degenerated into a race to the
bottom, I don't see anything better than setting a floor that is
the
40 matches
Mail list logo