From: Michael Sinatra (michael_at_rancid.berkeley.edu)
Date: Wed Sep 17 2003 - 10:21:09 PDT
On Wed, 17 Sep 2003, Mike Friedman wrote:
> On Wed Sep 17 09:36:59 2003, rossd_at_cns.me.berkeley.edu said:
>
> > For those who haven't heard, Verisign mucked with their root servers by
> > implementing a new system which redirects any non-existant domains or hosts
> > that are not responding to their own servers and apparently did it with
> > no more than an hour or two notification and no input from the Internet
> > community.
> >
> > This has already be shown to break the following:
> >
> > Many anti-spam tools have broken as a result of nonexistent domains now
> > appearing to exist. Passwords and other private information that are
> > accidentally sent to the wrong URL or a nonresponsive URL will go through
> > Verisign's servers SMTP (outgoing mail) is apparently listening on all
> > nonexistent domains or nonresponsive hosts.
>
> Ross,
>
> With respect to one issue raised by VeriSign's reported action:
>
> An IETF draft document released today discusses the pitfalls of servers
> implementing default actions that bypass what otherwise might be seen
> as normal 'errors', thereby potentially preventing client software from
> handling exceptional conditions intelligently. The draft can be found here:
>
> http://www.ietf.org/internet-drafts/draft-main-typo-wcard-00.txt
>
> Of course the reported VeriSign action raises more significant questions, as
> pointed out in the article to which you referred:
>
> http://www.nuclearelephant.com/papers/verisign.html
There is a set of patches to BIND to effectively return the behavior of
.com and .net to their original (pre-this-week) behavior. I am in a
meeting now, but I will send an email later tonight as to why I think
we're justified in installing this patch.
michael
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Wed Sep 17 2003 - 10:23:33 PDT