Subject: Re: Request comment: list of IPs to block outbound
Date: Tue, Oct 22, 2019 at 11:11:27PM -0600
Quoting Grant Taylor via NANOG (nanog@nanog.org):
> On 10/22/19 10:54 PM, Måns Nilsson wrote:
> > It is just more RFC1918 space, a /10 unwisely spent on stalling IPv6
> > deployment.
>
> My un
On 10/22/19 10:11 PM, Grant Taylor via NANOG wrote:
> The explicit nature of RFC 6598 is on purpose so that there is no chance
> that it will conflict with RFC 1918. This is important because it means
> that RFC 6598 can /safely/ be used for Carrier Grade NAT by ISPs without
> any fear of conflict
On 10/22/19 10:54 PM, Måns Nilsson wrote:
I have a hard time finding text that prohibits me from running machines
on 100.64/10 addresses inside my network.
I think you are free to use RFC 6598 — Shared Address Space — in your
network. Though you should be aware of caveats of doing so.
It is
Subject: Re: Request comment: list of IPs to block outbound
Date: Sun, Oct 13, 2019 at 09:24:39AM -0700
Quoting William Herrin (b...@herrin.us):
>
> > 100.64.0.0/10 Private network Shared address space[3] for
> > communications between a service
> >
> On Oct 22, 2019, at 6:31 PM, Keith Medcalf wrote:
>
> I see. It is an AIC problem, not a CIA problem. TLS in its default
> usage is a CIA thing because, well, it was designed to solve CIA
> problems where even temporary secrecy is more important than being down
> for a week. As had been p
On Tuesday, 22 October, 2019 13:26, Jared Mauch wrote:
>No,
>> On Oct 22, 2019, at 2:08 PM, Keith Medcalf wrote:
>> At this point further communications are encrypted and secure against
>>eavesdropping.
>The problem isn't the protocol being eavesdropped on. The data is already
>published pu
No,
> On Oct 22, 2019, at 2:08 PM, Keith Medcalf wrote:
>
> At this point further communications are encrypted and secure against
> eavesdropping.
The problem isn't the protocol being eavesdropped on. The data is already
published publicly by many people.
The problem is one of mutual authe
On Tue, Oct 22, 2019 at 2:21 PM Bjørn Mork wrote:
>
> Christopher Morrow writes:
>
> > The x.509 system, to be effective here would require a TrustAnchor /
> > Root-of-Trust that both parties agreed was acceptable...
>
> As in a shared TrustAnchor? No. Both ends could use a simple self
as an o
On 10/22/2019 14:07, Keith Medcalf wrote:
That is incorrect.
I believe that an endpoint (let's call it Alice) can connect to another endpoint (let's call it Bob) and Alice can say to Bob,
"Hello Dude, let's negotiate a secret key between us". "Yokkely dokelly", says Bob, "Let's do that".
They th
Christopher Morrow writes:
> The x.509 system, to be effective here would require a TrustAnchor /
> Root-of-Trust that both parties agreed was acceptable...
As in a shared TrustAnchor? No. Both ends could use a simple self
signed certificate and be configured to trust the other. A hash of the
Once upon a time, Keith Medcalf said:
> I believe that an endpoint (let's call it Alice) can connect to another
> endpoint (let's call it Bob) and Alice can say to Bob, "Hello Dude, let's
> negotiate a secret key between us". "Yokkely dokelly", says Bob, "Let's do
> that". They then exchange some
>TLS in the traditional sense 'requires' that there be an X.509
>certificate to use in authenticating (and to some extent authorizing -
>can you be a CA? sign email? etc...) endpoints, ideally you do 'tls
>mutual authentication'...
That is incorrect.
I believe that an endpoint (let's call it Alice
On Tue, Oct 22, 2019 at 6:35 AM Julien Goodwin wrote:
>
>
>
> On 22/10/19 4:04 am, Jared Mauch wrote:
> >
> >
> >> On Oct 21, 2019, at 12:30 PM, Joe Abley wrote:
> >>
> >> On 21 Oct 2019, at 12:05, Keith Medcalf wrote:
> >>
> >>> On Monday, 21 October, 2019 09:44, Robert McKay wrote:
> >>>
> >>
On 10/22/19 5:41 AM, Rich Kulawiec wrote:
I'm guessing -- because spammer Ben Reynolds (breyno...@cytranet.com)
wrote to me about voice/data services -- that it's possible they've
been scraping addresses from here.
This exact issue received exhaustive coverage over on the Outages
(outa...@ou
Seems likely that they scraped the list, yes.
Two more names to my Never Do Business With list I guess. :)
On Tue, Oct 22, 2019 at 8:43 AM Rich Kulawiec wrote:
> I'm guessing -- because spammer Ben Reynolds (breyno...@cytranet.com)
> wrote to me about voice/data services -- that it's possible t
On 10/22/19 8:41 AM, Rich Kulawiec wrote:
I'm guessing -- because spammer Ben Reynolds (breyno...@cytranet.com)
wrote to me about voice/data services -- that it's possible they've
been scraping addresses from here.
Yes, mine came to my voiceops tagged address.
--
Brandon Martin
I'm guessing -- because spammer Ben Reynolds (breyno...@cytranet.com)
wrote to me about voice/data services -- that it's possible they've
been scraping addresses from here.
---rsk
> From: Saku Ytti
> Sent: Tuesday, October 22, 2019 11:54 AM
>
> On Mon, 21 Oct 2019 at 23:14, wrote:
>
> > The obvious drawback especially for TCAM based systems is the scale,
> > so not only we'd need to worry if our FIB can hold 800k prefixes, but
> > also if the filter memory can hold the s
On Mon, 21 Oct 2019 at 23:14, wrote:
> The obvious drawback especially for TCAM based systems is the scale, so not
> only we'd need to worry if our FIB can hold 800k prefixes, but also if the
> filter memory can hold the same amount -in addition to whatever additional
> filtering we're doing a
On 22/10/19 5:42 am, Jakob Heitz (jheitz) via NANOG wrote:
> The article linked says no mainstream BGP implementation supports TCP-AO.
> IOS-XE and IOS-XR support it.
>
> While I do not represent the Cisco view, personally I like the idea of BGP
> over TLS.
Excellent, that's news to me.
I had b
On 22/10/19 4:04 am, Jared Mauch wrote:
>
>
>> On Oct 21, 2019, at 12:30 PM, Joe Abley wrote:
>>
>> On 21 Oct 2019, at 12:05, Keith Medcalf wrote:
>>
>>> On Monday, 21 October, 2019 09:44, Robert McKay wrote:
>>>
The MD5 authentication is built into TCP options.. not obvious how you
>>