On Mon, 23 Nov 2009, Jared Mauch wrote:
>
> I don't see operators jumping at the idea of central trust anchor
> myself, no more than I see everyone ready to sign the root zone.
You know the root zone is supposed to be signed next week?
http://www.ripe.net/ripe/meetings/ripe-59/presentations
On Thu, 24 Sep 2009, Paul Vixie wrote:
>
> i recently explored webmail for my family and found "prayer", which is a
> pure C application (no php, no perl) built on the uw-imap c-client library.
> it's blindingly fast even for thousands of huge mailboxes stored in MH
> format. anyone who was using
On Wed, 5 Aug 2009, Naveen Nathan wrote:
>
> I might misunderstand how dnscurve works, but it appears that dnscurve
> is far easier to deploy and get running.
Not really. There are multiple competing mature implementations of DNSSEC
and you won't be in a network of 1 if you deploy it.
Tony.
--
f
On Wed, 8 Jul 2009, bmann...@vacation.karoshi.com wrote:
>
> You mean someone wants the code? I'll be happy to put it back up
> if folks are interested.
Thanks for putting the web pages back up. Is it possible to publish the
code too?
Tony.
--
f.anthony.n.finch http://dotat.at/
GE
On Thu, 18 Jun 2009, Lyndon Nerenberg wrote:
>
> Except for those ISPs who choose to intercept port 587 as well. This is
> a big problem with Rogers in Vancouver. They hijack port 587 connections
> through some sort of lame proxy that connects you to your intended host,
> but strips the AUTH field
On Wed, 6 May 2009, Karl Auer wrote:
> On Tue, 2009-05-05 at 15:58 -0400, Ricky Beam wrote:
> > "stateless" with "constant" and "consistent". SLAAC doesn't need to
> > generate the exact same address everytime the system is started.
>
> No - but it is *phenomenally useful* if it does. Changing add
On Tue, 17 Mar 2009, Joe Maimon wrote:
>
> > TCP needs drops to manage to the right speed.
>
> This is what's bad. TCP should be slightly more intelligent and start
> considering rtt jitter as its primary source of congestion information.
TCP Vegas did this but sadly it never became popular.
(It do
On Thu, 26 Feb 2009, John R. Levine wrote:
>
> Sounds like it might be time to reconsider your mailing list config. A decade
> ago, bandwidth was really expensive and it made sense to try to load up lots
> of recipients per delivery. These days it's essentially free, and any saving
> in bandwidth
On Wed, 25 Feb 2009, John Levine wrote:
>
> AOL sends its spam button feedback in industry standard ARF format. It
> took me about 20 minutes to write a perl script that picks out the
> relevant bits from AOL and Hotmail feedback messages and sends unsub
> commands to my list manager.
Yes, but you
On Wed, 25 Feb 2009, mike wrote:
>
> I accuse postini of having exactly this vulnerability - that one user
> classing mail as spam automatically means it marks all other mail from that
> user to everyone else. There really outta be some transparency here so that
> everyone understands the how and
On Wed, 25 Feb 2009, Suresh Ramasubramanian wrote:
>
> Christ .. Yahoo did say "complaints". And it can take a very low
> level of complaints before a block goes into place - especially for
> low volume (corporate etc) mailservers.
I don't think this is Yahoo reacting to spam complaints because a
On Thu, 5 Feb 2009, Paul Timmins wrote:
> John Schnizlein wrote:
> >
> > Maybe upgrades, service packs and updates will make them capable of using
> > DHCPv6 for useful functions such as finding the address of an available name
> > server by the time IPv6-only networks are in operation.
>
> And if
On Fri, 16 Jan 2009, Jeff Mitchell wrote:
> You're right; certificate verification was turned on on my end simply because
> I'd never had a reason to turn it off (since in recent times the majority of
> my mail goes through their gateway, which has never presented an invalid
> certificate to me be
On Fri, 16 Jan 2009, Florian Weimer wrote:
>
> There's no PKI for Internet Mail routing, so I don't see what you get
> by checking certificates at all.
That's not entirely true. SMTP over TLS is intended to work for
inter-domain SMTP, and it is in fact quite frequently used. However it is
utterly
On Tue, 4 Nov 2008, Lincoln Dale wrote:
> > There is an emerging need to distribute highly accurate time
> > information over IP and over MPLS packet switched networks (PSNs).
>
> good of you to ask. it exists today.
> http://ieee1588.nist.gov/
According to the TICTOC charter, you need more than
On Thu, 2 Oct 2008, Patrick W. Gilmore wrote:
>
> Personally, I am glad GOOG is posting their PUE. People who talk about
> additional metrics are correct - more information is better. But some
> information is better than none, and PUE is a perfectly valid data
> point. It doesn't measure everythi
On Fri, 5 Sep 2008, Michael Thomas wrote:
>
> I thought that these bot nets were so massive that it is pretty
> easy for them to fly under the radar for quotas, rate limiting, etc.
> Not that all bot nets are created equal, and there aren't local hot
> spots for whatever reason, but putting on the
On Wed, 3 Sep 2008, Keith Medcalf wrote:
>
> Why would the requirements for authentication be different depending on
> the port used to connect to the MTA?
It's easier to configure the MTA if you make a distinction between
server-to-server traffic and client-to-server traffic. In fact my systems
d
On Thu, 4 Sep 2008, Jean-François Mezei wrote:
>
> Consider an employee of chocolate.com working from home. he connects to
> Chocolate.com's SMTP server to send mail, but his ISP intercepts the
> connection and routes the email via its own. The email will then be sent
> by the ISP's SMTP server.
A
On Wed, 3 Sep 2008, Jay R. Ashworth wrote:
>
> Well, that depends on MUA design, of course, but it's just been pointed
> out to me that the RFC says MAY, not MUST.
Note that there are TWO relevant RFCs: RFC 4409 and RFC 5068. The latter
says:
3.1. Best Practices for Submission Operation
Subm
On Wed, 3 Sep 2008, Alec Berry wrote:
>
> At the very least, you can run stunnel to allow incoming
> mail submission on port 465 (SMTP + SSL).
I would be very very careful with that kind of setup. Connections to port
25 from localhost (even if they are from stunnel running on localhost)
often bypa
On Tue, 19 Aug 2008, Michael Thomas wrote:
> Justin M. Streiner wrote:
> >
> > I don't operate an ISP network (not anymore, anyway...). My customers
> > are departments within my organization, so a /64 per department/VLAN
> > is more sane/reasonable for my environment.
>
> Uh, the lower 64 bits of
On Mon, 11 Aug 2008, Jay R. Ashworth wrote:
>
> Everyone seems to continue asking "why can poisoning overwrite already
> cached answer" and no one seems to be answering, and, unless I'm a
> moron (which is not impossible), that's the crux of this issue.
Add me to the list of baffled observers. As
On Mon, 28 Jul 2008, Colin Alston wrote:
>
> In fact, why *don't* implementations discard authoritative responses
> from non-authoritative hosts? Or do we? Or am I horribly wrong?
The response is spoofed so that it appears to come from the correct host.
> There's an argument that IP spoofing can
On Mon, 28 Jul 2008, Colin Alston wrote:
>
> If NS records pointed to IP's instead of names then this problem might not
> exist.
That would make no difference to Kaminsky's attack, since it's the NS
records he's overwriting, not the glue.
Tony.
--
f.anthony.n.finch <[EMAIL PROTECTED]> http://d
On Sat, 26 Jul 2008, Dorn Hetzel wrote:
> Ok, it's probably a stupid question, but given the relative ease of putting
> 4gb+ ram on a 64bit platform,
> could packet per second performance be improved by brute forcing the route
> lookup as an array of 1 byte destination interface indexes for a cont
On Wed, 23 Jul 2008, Kevin Day wrote:
>
> The new way is slightly more sneaky. You get the victim to try to
> resolve an otherwise invalid and uncached hostname like 1.gmail.com,
> and try to beat the real response with spoofed replies. Except this time
> your reply comes with an additional rec
On Mon, 30 Jun 2008, Jay R. Ashworth wrote:
> On Mon, Jun 30, 2008 at 06:47:30PM +0100, Tony Finch wrote:
> >
> > Trailing dots in email addresses are a syntax error.
>
> In fact, Mutt (1.2.5) permits the trailing dot, and delivers the mail,
> and all the intervening MTAs (
On Tue, 1 Jul 2008, David Conrad wrote:
>
> I could maybe see a problem with ".LOCAL" due to mdns or llmnr or ".1"
> due to the risk of someone registering "127.0.0.1"
RFC 1123 section 2.1 says TLDs can't be purely numeric.
Tony.
--
f.anthony.n.finch <[EMAIL PROTECTED]> http://dotat.at/
BISCAY
On Tue, 1 Jul 2008, [EMAIL PROTECTED] wrote:
> On Mon, Jun 30, 2008 at 07:19:45PM +0100, Tony Finch wrote:
> > On Sun, 29 Jun 2008, [EMAIL PROTECTED] wrote:
> > >
> > > one might legitimately argue that ICANN is in need of some serious
> > > regulation that
On Tue, 1 Jul 2008, Stephane Bortzmeyer wrote:
> On Mon, Jun 30, 2008 at 06:36:06PM +0100,
> Tony Finch <[EMAIL PROTECTED]> wrote
> a message of 15 lines which said:
>
> > It makes the "public suffix list" project harder, but so long as the
> > li
On Sun, 29 Jun 2008, [EMAIL PROTECTED] wrote:
>
> one might legitimately argue that ICANN is in need of
> some serious regulation
>
> that can happen at that national level or on the international
> level.
Doesn't ICANN already work like an international regulator?
Ton
On Mon, 30 Jun 2008, Matthew Petach wrote:
>
> Or should I always ensure that resolvers reach my domain explicitly by
> including the trailing "dot" in all uses, so that my email would be
> given out as "[EMAIL PROTECTED]" in the hopes that everyone would correctly
> remember to add the "." at the
On Sun, 29 Jun 2008, Stephane Bortzmeyer wrote:
>
> I am very curious of what tests a "security-aware programmer" can do,
> based on the domain name, which will not be possible tomorrow, should
> ICANN allow a few more TLDs.
It makes the "public suffix list" project harder, but so long as the list
On Sun, 29 Jun 2008, Stephane Bortzmeyer wrote:
>
> We already see this in the email world, where a self-appointed cartel
> like the MAAWG can decide technical rules and policies, bypassing both
> IETF and ICANN. Even if only one half of the big operators enforce
> these rules, they will become de
On Thu, 26 Jun 2008, Jeroen Massar wrote:
>
> thinking of all the nice security issues which come along (home, mycomputer
> and .exe etc anyone ? :)
.exe has the same security properties as .com
Tony.
--
f.anthony.n.finch <[EMAIL PROTECTED]> http://dotat.at/
TYNE DOGGER FISHER: SOUTH OR SOUTHW
On Fri, 27 Jun 2008, Jon Kibler wrote:
>
> Well, I guess this shoots in the foot Microsoft's name server best
> practices of setting up your AD domain as foo.LOCAL, using the logic
> that .LOCAL is safe because it cannot be resolved by the root name servers.
.local is also used by MDNS. (Nice inte
On Fri, 27 Jun 2008, Joe Abley wrote:
>
> To my mind, Tony Finch owns you all :-)
>
> http://dotat.at/
> [EMAIL PROTECTED]
The Austrians should not have given up on their hierarchical naming scheme.
Tony.
--
f.anthony.n.finch <[EMAIL PROTECTED]> http://dotat.at/
NORTH
On Wed, 28 May 2008, [EMAIL PROTECTED] wrote:
>
> > I don't see how, in your preferred replacement email
> > architecture, a provider would be able to avoid policing
> > their users to prevent spam in the way that you complain is
> > so burdensome.
>
> To begin with, mail could only enter such a sy
On Tue, 27 May 2008, [EMAIL PROTECTED] wrote:
>
> But a more advanced intelligence will wonder why we have to have an SMTP
> server architecture that invites attacks. Why, by definition, do SMTP
> servers have to accept connections from all comers, by default? We have
> shown that other architectur
On Wed, 7 May 2008, Deepak Jain wrote:
>
> I know of a tool that a major financial institution uses when certifying
> your network's security -- that scrapes the version number from your
> ESMTP banner to decide whether you comply or not (and other banners).
> (Rather than actually testing for a spe
On Mon, 13 Aug 2007, Barry Shein wrote:
>
> That is, if you extend domains on credit w/o any useful accountability
> of the buyer and this results in a pattern of criminality then the
> liability for that fraud should be shared by the seller.
+1
I find the ad-only sites irritating, but what's re
On Sun, 12 Aug 2007, Paul Ferguson wrote:
>
> As bad as the "domain tasting" problem really is, will anyone from
> the Ops community speak up?
I'd like to but I don't know of a practical way to measure the impact of
domain tasting on my services: how can I do 6 million whois lookups to
analyse a
On Tue, 7 Aug 2007, [EMAIL PROTECTED] wrote:
>
> they *already* don't answer with the txt records if you try to do a
> 'dig aol.com any' because that 512 and the 497 returned on a 'dig aol.com mx'
> won't fit in one 512-byte packet.
Wrong! You're probably not getting the txt records because you d