data request on Sitefinder
Kee Hinckley
nazgul at somewhere.com
Mon Oct 20 17:31:41 UTC 2003
At 10:59 AM -0400 10/20/03, Steve Bellovin wrote:
>So -- how much notice would the operator community want before
>deploying new software? What about for enterprises? (We all know that
>stuff *can* be deployed more quickly in emergency circumstances. We
>also know the problems that that can lead to, which is why we generally
>want testing and controlled deployment.)

I don't even want to start down that path. If we were talking normal
software development and deployment schedules we'd be talking six
months to a year from notice to the software company to deployment.
But obviously that isn't going to happen. As a software developer
I'd want at least 30-60 days to do development and testing. As a
service provider though, I'm pretty conservative about updating my
servers. And of course this change probably wouldn't be back-patched
into old versions, so that means I'm biting off all kinds of other
changes that I need to test as well.

More importantly--Verisign needs to deploy alternate servers so it's
actually possible to test software against the changes they propose
to make. Otherwise we're just running around guessing what the
behavior is going to be.

But fundamentally the problem is this. There is no way to handle
root wildcards by various registries in a standard and reliable way.
Verisign has not even been able to provide code for how to handle
*their* wildcard in a reliable way. Each registry may implement
different features with different behaviors. What works for one
won't necessarily work for another. And every time any one of them
changes, or a new registry is added, every single piece of software
that relies on a particular behavior has to be checked and possibly
patched. We can't afford to run the internet that way.
--
Kee Hinckley
http://www.messagefire.com/ Next Generation Spam Defense
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.