Re: SIXSS not working?

2012-06-20 Thread Randy Bush
> still wondering why this is on NANOG maybe ipv6 is becoming relevant to operations? randy

Re: SIXSS not working?

2012-06-20 Thread Jeroen Massar
On 2012-06-20 23:23, Hank Nussbacher wrote: > At 19:25 20/06/2012 -0400, Kyle Creyts wrote: > > Until such time that Sixxs responds as to what happened, it will all be > conjecture. > > -Hank > >> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1820 possibly >> related? I pointed to th

Re: SIXSS not working?

2012-06-20 Thread Hank Nussbacher
At 19:25 20/06/2012 -0400, Kyle Creyts wrote: Until such time that Sixxs responds as to what happened, it will all be conjecture. -Hank http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1820 possibly related? On Wed, Jun 20, 2012 at 11:34 AM, Jeroen Massar wrote: > Good morning (at

PIM survey for operators

2012-06-20 Thread Mike McBride
The IETF pim working group is conducting a survey in order to advance the PIM Sparse Mode spec on the IETF Standards Track, and would like input from operators. The survey ends July 20th. Please see below for more information. thank you, pim chairs Mike & Stig Introduction: PIM-SM was first pub

Re: How to fix authentication (was LinkedIn)

2012-06-20 Thread Aaron C. de Bruyn
On Wed, Jun 20, 2012 at 4:26 PM, Jay Ashworth wrote: > - Original Message - >> From: "Leo Bicknell" > Yes, but you're securing the account to the *client PC* there, not to > the human being; making that Portable Enough for people who use and > borrow multiple machines is nontrivial. Or a

Re: IPv6 /64 links (was Re: ipv6 book recommendations?)

2012-06-20 Thread Dave Hart
On Wed, Jun 20, 2012 at 11:05 PM, Jay Ashworth wrote: > - Original Message - >> From: "Dave Hart" > >> Sure, there are folks out there who believe NAT gives them benefits. >> Some are actually sane (small multihomers avoiding BGP). You stand >> out as insane for attempting to redefine "tr

AAA design document pointers

2012-06-20 Thread Jay Ashworth
My takeaway from the conversations we're having as the second and third-order resultants of the LinkedIn password break is that, if there *is* an accepted definition of the problem, in slices small enough for implementers to understand, a lot of people haven't read it. Including me. *Is* there a

Re: How to fix authentication (was LinkedIn)

2012-06-20 Thread Kyle Creyts
who would mediate/verify/validate the trust transactions, though... that's the hard part. On Wed, Jun 20, 2012 at 7:46 PM, wrote: > On Wed, 20 Jun 2012 19:31:40 -0400, Kyle Creyts said: >> Guess we all need implants deep in less-than-easily-operable areas to >> bind us to a digitally-accessible i

Re: How to fix authentication (was LinkedIn)

2012-06-20 Thread valdis . kletnieks
On Wed, 20 Jun 2012 19:31:40 -0400, Kyle Creyts said: > Guess we all need implants deep in less-than-easily-operable areas to > bind us to a digitally-accessible identity. This would make for an > interesting set of user-based trust-anchoring paradigms, at least. Credential revocation would sudden

RE: How to fix authentication (was LinkedIn)

2012-06-20 Thread Drew Weaver
There should be a way to authenticate the same user differently depending on what device they're using and tie it all together in a central place; of course if that central place gets compromised it would be horrible.. Still, I think it would help if you use the same password on every site if yo

Re: LinkedIn password database compromised

2012-06-20 Thread Randy Bush
> The fact that it is symmetric leads to the problem. > > Even if the attacker had fully compromised the server end they get > nothing. There's no reply attack. No shared secret they can use to log > into another web site. Zero value. with per-site passphrases there is no cross-site threat. t

Re: How to fix authentication (was LinkedIn)

2012-06-20 Thread Kyle Creyts
Guess we all need implants deep in less-than-easily-operable areas to bind us to a digitally-accessible identity. This would make for an interesting set of user-based trust-anchoring paradigms, at least. On Wed, Jun 20, 2012 at 7:26 PM, Jay Ashworth wrote: > - Original Message - >> From:

How to fix authentication (was LinkedIn)

2012-06-20 Thread Jay Ashworth
- Original Message - > From: "Leo Bicknell" > SSL certificates could be used this way today. > > SSH keys could be used this way today. > > PGP keys could be used this way today. > > What's missing? A pretty UI for the users. Apple, Mozilla, W3C, > Microsoft IE developers and so on nee

Re: SIXSS not working?

2012-06-20 Thread Kyle Creyts
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1820 possibly related? On Wed, Jun 20, 2012 at 11:34 AM, Jeroen Massar wrote: > Good morning (at least on this side of the planet), > > On 2012-06-20 02:14, Hank Nussbacher wrote:> On Wed, 20 Jun 2012, Jeroen > Massar wrote: >> >> I'll repor

Re: LinkedIn password database compromised

2012-06-20 Thread Leo Bicknell
In a message written on Thu, Jun 21, 2012 at 08:02:58AM +0900, Randy Bush wrote: > what is the real difference between my having holding the private half > of an asymmetric key and my holding a good passphrase for some site? > that the passphrase is symmetric? The fact that it is symmetric leads t

Re: IPv6 /64 links (was Re: ipv6 book recommendations?)

2012-06-20 Thread Jay Ashworth
- Original Message - > From: "Dave Hart" > Sure, there are folks out there who believe NAT gives them benefits. > Some are actually sane (small multihomers avoiding BGP). You stand > out as insane for attempting to redefine "transparent" to mean > "inbound communication is possible after

Re: LinkedIn password database compromised

2012-06-20 Thread Randy Bush
leo, what is the real difference between my having holding the private half of an asymmetric key and my holding a good passphrase for some site? that the passphrase is symmetric? > First time a user goes to sign up on a web page, the browser should > detect it wants a key uploaded and do a simple

Re: IPv6 /64 links (was Re: ipv6 book recommendations?)

2012-06-20 Thread Masataka Ohta
Dave Hart wrote: > Sure, there are folks out there who believe NAT gives them benefits. > Some are actually sane (small multihomers avoiding BGP). They are sane, because there is no proper support for multiple addresses (as is demonstrated by a host with a v4 and a v6 addresses) nor automatic ren

Re: LinkedIn password database compromised

2012-06-20 Thread Leo Bicknell
In a message written on Wed, Jun 20, 2012 at 06:37:50PM -0400, valdis.kletni...@vt.edu wrote: > I have to agree with Leo on this one. Key management *is* hard - especially > the part about doing secure key management in a world where Vint Cerf > says there's 140M pwned boxes. It's all nice and s

Re: LinkedIn password database compromised

2012-06-20 Thread valdis . kletnieks
On Wed, 20 Jun 2012 14:39:14 -0700, Leo Bicknell said: > In a message written on Wed, Jun 20, 2012 at 02:19:15PM -0700, Leo Vegoda > wrote: > > Key management: doing it right is hard and probably beyond most end users. > > I could not be in more violent disagreement. I have to agree with Leo on t

Re: LinkedIn password database compromised

2012-06-20 Thread Leo Bicknell
In a message written on Wed, Jun 20, 2012 at 03:05:17PM -0700, Aaron C. de Bruyn wrote: > You're right. Multiple accounts is unpossible in every way except > prompting for usernames and passwords in the way we do it now. > The whole ssh-having-multiple-identities thing is a concept that could > n

Re: LinkedIn password database compromised

2012-06-20 Thread Jared Mauch
On Jun 20, 2012, at 5:54 PM, Matthew Kaufman wrote: > On 6/20/2012 2:39 PM, Leo Bicknell wrote: >> Users would find it much more convenient and wonder why we ever used >> passwords, I think... > > Yes. Those users who have a single computer with a single browser. For anyone > with a computer

Re: LinkedIn password database compromised

2012-06-20 Thread Aaron C. de Bruyn
On Wed, Jun 20, 2012 at 2:44 PM, Elmar K. Bins wrote: > (Fight of the Leos...) > > bickn...@ufp.org (Leo Bicknell) wrote: > >> Users would find it much more convenient and wonder why we ever used >> passwords, I think... > > Yeah cool. Shame I have three accounts on peerindb.com alone... You're r

Re: LinkedIn password database compromised

2012-06-20 Thread Matthew Kaufman
On 6/20/2012 2:39 PM, Leo Bicknell wrote: Users would find it much more convenient and wonder why we ever used passwords, I think... Yes. Those users who have a single computer with a single browser. For anyone with a computer *and* a smartphone, however, there's a huge missing piece. And it

Re: LinkedIn password database compromised

2012-06-20 Thread Elmar K. Bins
(Fight of the Leos...) bickn...@ufp.org (Leo Bicknell) wrote: > Users would find it much more convenient and wonder why we ever used > passwords, I think... Yeah cool. Shame I have three accounts on peerindb.com alone...

Re: LinkedIn password database compromised

2012-06-20 Thread Leo Bicknell
In a message written on Wed, Jun 20, 2012 at 02:19:15PM -0700, Leo Vegoda wrote: > Key management: doing it right is hard and probably beyond most end users. I could not be in more violent disagreement. First time a user goes to sign up on a web page, the browser should detect it wants a key uplo

Re: LinkedIn password database compromised

2012-06-20 Thread AP NANOG
Exactly! Passwords = Fail All we can do is make it as difficult as possible for them to crack it until the developers decide to make pretty eye candy. - Robert Miller (arch3angel) On 6/20/12 3:43 PM, Leo Bicknell wrote: In a message written on Wed, Jun 20, 2012 at 03:30:58PM -0400, AP NANOG

Re: LinkedIn password database compromised

2012-06-20 Thread Pedro
>> What's missing?  A pretty UI for the users.  Apple, Mozilla, W3C, perhaps this is a good starting point: http://gpg4usb.cpunk.de/ GPLv3, lightweight, portable, compatibility with GNU/Linux and Windows

RE: LinkedIn password database compromised

2012-06-20 Thread Leo Vegoda
Hi, Leo Bicknell wrote: [public key cryptography] > > What's missing? A pretty UI for the users. Apple, Mozilla, W3C, Microsoft IE developers and so on need to get their butts in gear and make a pretty UI to create personal key material, send the public key as part of a sign up form, import a

Re: LinkedIn password database compromised

2012-06-20 Thread Leo Bicknell
In a message written on Wed, Jun 20, 2012 at 03:30:58PM -0400, AP NANOG wrote: > So the question falls back on how can we make things better? Dump passwords. The tech community went through this back in oh, 1990-1993 when folks were sniffing passwords with tcpdump and sysadmins were using Telnet.

Re: LinkedIn password database compromised

2012-06-20 Thread AP NANOG
I normally don't respond and just sit back leeching knowledge, however this incident with LinkedIn & eHarmony strikes close to home. Not just because my password was in this list of dumped LinkedIn accounts, but the fact that this incident struck virtually every business professional and corpo

Re: Cisco Smartnet for 6509E Line Cards

2012-06-20 Thread david peahi
This is also the way I have understood "chassis" Smartnet in the past, that is that line cards have always been covered, and in my career, Cisco has always replaced (RMA'd) failed line cards of any kind no questions asked. This seems to be a new Cisco policy, quoting Smartnet for line cards. Does a

Re: IPv6 /64 links (was Re: ipv6 book recommendations?)

2012-06-20 Thread Dave Hart
On Wed, Jun 20, 2012 at 8:44 AM, Masataka Ohta wrote: > Because we still have enough IPv4 addresses, because most > users are happy with legacy NAT and because some people > loves legacy NAT, there is not much commercial motivation. Sure, there are folks out there who believe NAT gives them benefi

Saleslurkers - onnet check in greenville nc

2012-06-20 Thread Chris McDonald
Anyone have it? 638 Chapman Rd., Greenville, NC 28590 Thanks Chris -- Sent from my mobile device

Re: SIXSS not working?

2012-06-20 Thread Jeroen Massar
Good morning (at least on this side of the planet), On 2012-06-20 02:14, Hank Nussbacher wrote:> On Wed, 20 Jun 2012, Jeroen Massar wrote: > > I'll report it to them but: NANOG is afaik still not the "contact the people who run things" email address... Nevertheless, if issues, do not hesitate to

Re: TW in ohio

2012-06-20 Thread Brian Henson
Thank you for the information. I just wish they would get it all working. At this point I would be happy with a GRE tunnel to a router that had IPv6. I use tunnel broker now but with the low lease time of the TW dhcp server I have to run the updater script just about every hour to keep the tunnel u

RE: Cisco Smartnet for 6509E Line Cards

2012-06-20 Thread STARNES, CURTIS
That is the way I understood it in the past but: I recently priced a new 10G blade for our 6509 and was quoted Smartnet for it. I asked about if it was covered under the chassis Smartnet and was told that line cards were not covered. I do know that I have replaced the supervisor card before under

Re: SIXSS not working?

2012-06-20 Thread Hank Nussbacher
On Wed, 20 Jun 2012, Hank Nussbacher wrote: It would appear that whatever was broken is now fixed. -Hank On Wed, 20 Jun 2012, Jeroen Massar wrote: I'll report it to them but: http://www.sixxs.net/tools/grh/tla/ Shows every country as V=0 (prefixes visible per country). -Hank On 2012-06-2

Re: SIXSS not working?

2012-06-20 Thread Hank Nussbacher
On Wed, 20 Jun 2012, Jeroen Massar wrote: I'll report it to them but: http://www.sixxs.net/tools/grh/tla/ Shows every country as V=0 (prefixes visible per country). -Hank On 2012-06-20 01:04, Hank Nussbacher wrote: I am seeing all IPv6 prefixes that are monitored by Sixxs as being down and u

Re: SIXSS not working?

2012-06-20 Thread Jeroen Massar
On 2012-06-20 01:04, Hank Nussbacher wrote: > I am seeing all IPv6 prefixes that are monitored by Sixxs as being down > and unavailable. Hmmm, I didn't see this on i...@sixxs.net which would be the usual place to report any issues with respect to SixXS, but there the same reply would be given: whi

Re: IPv6 /64 links (was Re: ipv6 book recommendations?)

2012-06-20 Thread Masataka Ohta
valdis.kletni...@vt.edu wrote: >> hosts. However, for an ISP operating the NAT gateway, it may be >> easier to operate independent servers at default port for DNS, SMTP, >> HTTP and other applications for their customers than operating >> application relays. > > So you're admitti

SIXSS not working?

2012-06-20 Thread Hank Nussbacher
I am seeing all IPv6 prefixes that are monitored by Sixxs as being down and unavailable. Anyone know why? Thanks, Hank

Re: solid v smart optics

2012-06-20 Thread Saku Ytti
On (2012-06-19 17:07 -0700), ryanL wrote: > anyone have any opinions on the two subject vendors, with general > regard to 10GE transceivers? SR multi-mode data center stuff for my > application. I'm not familiar with solid optics, but AFAIK smart optics today resells finisar, so you probably don'

RE: Cisco Smartnet for 6509E Line Cards

2012-06-20 Thread Larry May
I have found that SmartNet is good for only "software" updates in certain gear. 3rd party maintenance is MUCH cheaper when regarding to "6500" gear as it is NOT a distributed architecture as the 12000 series. IMHO Larz -Original Message- From: PC [mailto:paul4...@gmail.com] Sent: We