over UDP as a starting point.
An adoption impediment has been desktop OS vendors. This may change
once SCTP's advantages become increasingly apparent with the rise of
data rates and desires for greater resiliency and security.
Regards,
Douglas Otis
On 6/25/12 12:20 PM, William Herrin wrote:
> On Mon, Jun 25, 2012 at 1:09 PM, Douglas Otis
> wrote:
>> On 6/25/12 7:54 AM, Owen DeLong wrote:
>>> It would have been better if IETF had actually solved this
>>> instead of punting on it when developing IPv6.
>>
On 6/25/12 10:17 AM, Christopher Morrow wrote:
> On Mon, Jun 25, 2012 at 1:09 PM, Douglas Otis
> wrote:
>> On 6/25/12 7:54 AM, Owen DeLong wrote:
>>> It would have been better if IETF had actually solved this
>>> instead of punting on it when developing IPv6.
>
rather than the IETF hampered progress in
this area. Why band-aid on a solved problem?
Regards,
Douglas Otis
On 4/18/12 8:09 PM, Steven Bellovin wrote:
On Apr 18, 2012, at 5:55 32PM, Douglas Otis wrote:
> Dear Jeroen,
>
> In the work that led up to RFC3309, many of the errors found on the
> Internet pertained to single interface bits, and not single data
> bits. Working at a large ch
errors. It would be surprising to find
memory designs lacking internal error detection logic.
Regards,
Douglas Otis
On 1/26/12 7:35 AM, Cameron Byrne wrote:
1. You don't want to disclose what addresses you are using on your
internal network, including to the rir
2. You require or desire an address plan that your rir may consider
wasteful.
3. You don't want to talk to an rir for a variety of personal or
On 10/25/11 12:31 PM, Ricky Beam wrote:
On Tue, 25 Oct 2011 12:55:58 -0400, Owen DeLong
wrote:
> Wouldn't the right place for that form of rejection to occur be at
> the mail server in question?
In a perfect world, yes. When you find a perfect world, send us an
invite.
> I reject lots
On 10/6/11 7:26 PM, Paul Graydon wrote:
On 10/6/2011 4:02 PM, Wayne E Bouchard wrote:
In some circles, he's being compared to Thomas Edison. Apply your own
opinion there whether you feel that's accurate or not. I'll just state
this: Both men were passionate about what they did. They each changed
On 9/1/11 11:52 AM, Cameron Byrne wrote:
On Thu, Sep 1, 2011 at 11:36 AM, Serge Vautour wrote:
Hello,
Things I understand: IPv6 is the long term solution to IPv4 exhaustion. For IPv6 to
work correctly, most of the IPv4 content has to be on IPv6. That's not there yet.
IPv6 deployment to end u
On 8/12/11 8:29 AM, Jeff Wheeler wrote:
I thought I'd chime in from my perspective, being the head router
jockey for a bunch of relatively small networks. I still find that
many routers have support for OSPF but not IS-IS. That, plus the fact
that most of these networks were based on OSPF befor
On 3/14/11 9:11 AM, William Allen Simpson wrote:
On 3/13/11 9:35 PM, goe...@anime.net wrote:
the real cesspool is POC registries. i wish arin would start revoking
allocations for entities with invalid POCs.
Hear, hear!
Leo's remembering the old days (80s - early '90s), when we checked
whois
On 2/16/11 10:57 PM, Joe Abley wrote:
On 2011-02-16, at 02:44, Douglas Otis wrote:
Routers indicate local MTUs, but minimum MTUs are not assured to have 1280
octets when IPv4 translation is involved.
See Section 5 in rfc2460.
I've heard that interpretation of 2460 before from Bill Ma
On 2/15/11 11:09 PM, Joe Abley wrote:
On 2011-02-14, at 21:41, William Herrin wrote:
On Mon, Feb 14, 2011 at 7:24 PM, TR Shaw wrote:
Just wondering what this community thinks of NIST in
general and their SP800-119 (
http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf )
writeup abo
On 1/25/11 6:00 PM, Fernando Gont wrote:
On 24/01/2011 08:42 p.m., Douglas Otis wrote:
It seems efforts related to IP address specific policies are likely
doomed by the sheer size of the address space, and to be pedantic, ARP
has been replaced with multicast neighbor discovery which
On 1/24/11 11:04 AM, bmann...@vacation.karoshi.com wrote:
well... you are correct - he did say shorter. me - i'd holler for my good
friends Fred and Radia (helped w/ the old vitalink mess) on the best way to
manage an arp storm and/or cam table of a /64 of MAC addresses. :) It was
hard enoug
On 1/15/11 3:24 PM, Brandon Ross wrote:
On Sat, 15 Jan 2011, Owen DeLong wrote:
I really doubt this will be the case in IPv6.
I really hope you are right, because I don't want to see that either,
however...
Why do you suppose they did that before with IPv4? Sure you can make
the argument N
On 1/14/11 4:10 PM, William Herrin wrote:
On Fri, Jan 14, 2011 at 2:43 PM, Owen DeLong wrote:
Ah, but, the point here is that NAT actually serves as an enabling
technology for part of the attack he is describing.
As for strictly passive attacks, like the so-called drive by download,
it is not
On 1/14/11 11:49 AM, Jack Bates wrote:
On 1/14/2011 1:43 PM, Owen DeLong wrote:
Ah, but, the point here is that NAT actually serves as an enabling
technology for part of the attack he is describing. Another example
where NAT can and is a security negative. The fact that you refuse
to acknowledge
On 1/13/11 5:48 PM, William Herrin wrote:
On Wed, Jan 12, 2011 at 10:02 PM, Mark Andrews wrote:
In message,
William
Herrin writes:
There's actually a large difference between something that's
impossible for a technology to do (even in theory), something that the
technology has been programm
On 12/14/10 2:38 PM, Richard A Steenbergen wrote:
On Tue, Dec 14, 2010 at 03:39:07PM -0600, Aaron Wendel wrote:
> To what end? And who's calling the shots there these days? Comcast
> has been nothing but shady for the last couple years. Spoofing
> resets, The L3 issue, etc. What's the spe
On 11/29/10 1:18 PM, Jack Bates wrote:
On 11/29/2010 1:10 PM, John Kristoff wrote:
> In a nutshell, as I recall, one of the prime motivating factors for
> not standardizing jumbos was interoperability issues with the
> installed base, which penalizes other parts of the network (e.g.
> routers ha
On 10/4/10 6:55 PM, Kevin Stange wrote:
The most common situation where another host sends on your domain's
behalf is a forwarding MTA, such as NANOG's mailing list. A lot of MTAs
will only trust that the final MTA handling the message is a source
host. In the case of a mailing list, that's NA
On 10/4/10 12:47 PM, Greg Whynott wrote:
A partner had a security audit done on their site. The report said they were
at risk of a DoS due to the fact they didn't have a SPF record.
I commented to his team that the SPF idea has yet to see anything near mass
deployment and of the millions of
On 5/20/10 4:08 PM, Jeroen van Aart wrote:
James Bensley wrote:
Got the below message back from Hotmail when emailing a friend I email
every week. I have never experienced this particular error before, is
this just an indication of high traffic between Google Mail and
Hotmail?
Yes, high traffi
On 3/29/10 12:06 PM, Tarig Yassin wrote:
Hi Jul
Dkim, SPF, and Domainkey are sender authentication methods for email systems,
which use Public Key Cryptography.
DKIM and Domainkeys use public key cryptography to authenticate
signature sources used for signing at least email From headers an
On 12/17/09 4:54 AM, Tony Finch wrote:
On Wed, 16 Dec 2009, Douglas Otis wrote:
To avoid server access and hitting roots:
host-1.example.com. IN A 192.0.2.0
host-10.example.com. IN A 192.0.2.9
example.com. IN MX 0 host-1.example.com.
example.com. IN MX 90 host-10.example.com.
This is
On 12/16/09 4:48 PM, Paul Vixie wrote:
Douglas Otis writes:
If MX TEST-NET became common, legitimate email handlers unable to
validate messages prior to acceptance might find their server
resource constrained when bouncing a large amount of spam as well.
none of this will block spam
On 12/16/09 4:08 PM, Joe Abley wrote:
On 2009-12-17, at 00:02, Douglas Otis wrote:
To avoid server access and hitting roots:
host-1.example.com. IN A 192.0.2.0
>> ...
>> host-10.example.com. IN A 192.0.2.9
example.com. IN MX 0 host-1.example.com.
>> ...
>> example
On 12/16/09 3:59 AM, Tony Finch wrote:
On Wed, 16 Dec 2009, Mark Andrews wrote:
Douglas Otis wrote:
One might instead consider using:
example.com. IN MX 0 192.0.2.0
IN MX 10 192.0.2.1
...
IN MX 90 192.0.2.9
Which
On 12/15/09 8:06 AM, Andy Davidson wrote:
Eric J Esslinger wrote:
I have a domain that exists solely to cname A records to another domain's
websites.
[...]
I found a reference to a null MX proposal, constructed so:
example.com IN MX 0 .
[...]
Question: Is this a valid dns construct or
On Dec 7, 2009, at 9:51 AM, Michael Holstein wrote:
>
>> The problem we face is that some people we work with can't do that
>
> Then explain that client-side (their users, to whom they send mail) are
> probably using Hotmail, et.al. and SPF will simply not allow "spoofing" which
> is what the
On 9/13/09 12:49 PM, joel jaeggli wrote:
Frank Bulk wrote:
[]
If anything, there's more of a disincentive than ever before for
ARIN to spend time on netblock sanitization.
This whole thread seems to be about shifting (I.E. by externalizing)
the costs of remediation. presumably the entities re
This was responded to on the DNSEXT mailing list.
Sorry, but your question was accidentally attributed to Paul who
forwarded the message.
DNSEXT Archive: http://ops.ietf.org/lists/namedroppers/
-Doug
On 8/5/09 7:05 PM, Naveen Nathan wrote:
On Wed, Aug 05, 2009 at 09:17:01PM -0400, John R. Levine wrote:
...
It seems to me that the situation is no worse than DNSSEC, since in both
cases the software at each hop needs to be aware of the security stuff, or
you fall back to plain unsigned DNS.
On 8/5/09 2:49 PM, Christopher Morrow wrote:
and state-management seems like it won't be too much of a problem on
that dns server... wait, yes it will.
DNSSEC UDP will likely become problematic. This might be due to
reflected attacks, fragmentation related congestion, or packet loss.
When it
On 8/5/09 11:31 AM, Roland Dobbins wrote:
On Aug 6, 2009, at 1:12 AM, Douglas Otis wrote:
Having major providers support the SCTP option will mitigate disruptions caused
by DNS DDoS attacks using less resources.
Can you elaborate on this (or are you referring to removing the spoofing
On 8/5/09 11:38 AM, Skywing wrote:
That is, of course, assuming that SCTP implementations someday clean up their act a bit.
I'm not so sure I'd suggest that they're really ready for "prime time" at this
point.
SCTP DNS would be intended for ISPs validating DNS where there would be
fewer iss
On 8/5/09 9:48 AM, John Levine wrote:
Other than DNSSEC, I'm aware of these relatively simple hacks to add
entropy to DNS queries.
1) Random query ID
2) Random source port
3) Random case in queries, e.g. GooGLe.CoM
4) Ask twice (with different values for the first three hacks) and
compare the
On Aug 12, 2007, at 6:41 AM, John Levine wrote:
The problems with domain tasting more affect web users, with vast
number of typosquat parking pages flickering in and out of existence.
Domain tasting clearly affects assessments based upon domains. With
millions added and removed daily as
On Aug 7, 2007, at 2:23 PM, Andrew Sullivan wrote:
On Tue, Aug 07, 2007 at 01:50:33PM -0700, Kevin Oberman wrote:
that security types (I mean those with a police/physical security
background) don't much care for these arguments. It usually comes
down to "lock and bar every door unless you
On Jul 9, 2007, at 9:31 AM, Randy Bush wrote:
Tony Tauber wrote:
There's no magic bullet in updating BGP if a fundamental,
verifiable data model is not accepted and agreed upon.
the space of routing data validation is large, we can explore it at
our leisure, and we have been for some yea
On Jun 15, 2007, at 11:31 PM, Fergie wrote:
- -- Florian Weimer <[EMAIL PROTECTED]> wrote:
In most parts of the world, the Microsoft EULA is not enforceable.
Most users don't buy their software from Microsoft, either. It's
preinstalled on their PC, and Microsoft disclaims any support.
N
On May 24, 2007, at 10:45 PM, John Levine wrote:
I ask you: What would you suggest? It's quite hard to craft
technical solutions to policy failures.
Since the registrar business has degenerated into a race to the
bottom, I don't see anything better than setting a floor that is
the minim
On May 12, 2007, at 8:57 PM, K K wrote:
On 5/11/07, william(at)elan.net <[EMAIL PROTECTED]> wrote:
On Fri, 12 May 2007, John Levine wrote:
>> The issue I see with most of the options (abuse.net, spamcop,
etc) is
>
> Hey, leave abuse.net out of this, please. It's just a database
of con
On Sun, 2007-04-08 at 03:27 +, John Levine wrote:
>
> But on today's Internet, if you want to get your mail delivered, it
> would be a good idea not to live in a bad neighborhood, and if your
> ISP puts you in one, you need a better ISP.
> That's life.
Good advice. For various reasons, a maj