data request on Sitefinder

Kee Hinckley nazgul at somewhere.com
Mon Oct 20 17:31:41 UTC 2003


At 10:59 AM -0400 10/20/03, Steve Bellovin wrote:
>So -- how much notice would the operator community want before
>deploying new software?  What about for enterprises?  (We all know that
>stuff *can* be deployed more quickly in emergency circumstances.  We
>also know the problems that that can lead to, which is why we generally
>want testing and controlled deployment.)

I don't even want to start down that path.  If we were talking normal 
software development and deployment schedules we'd be talking six 
months to a year from notice to the software company to deployment. 
But obviously that isn't going to happen.  As a software developer 
I'd want at least 30-60 days to do development and testing.  As a 
service provider though, I'm pretty conservative about updating my 
servers.  And of course this change probably wouldn't be back-patched 
into old versions, so that means I'm biting off all kinds of other 
changes that I need to test as well.

More importantly--Verisign needs to deploy alternate servers so it's 
actually possible to test software against the changes they propose 
to make.  Otherwise we're just running around guessing what the 
behavior is going to be.

But fundamentally the problem is this.  There is no way to handle 
root wildcards by various registries in a standard and reliable way. 
Verisign has not even been able to provide code for how to handle 
*their* wildcard in a reliable way.  Each registry may implement 
different features with different behaviors.  What works for one 
won't necessarily work for another.  And every time any one of them 
changes, or a new registry is added, every single piece of software 
that relies on a particular behavior has to be checked and possibly 
patched.   We can't afford to run the internet that way.



-- 
Kee Hinckley
http://www.messagefire.com/         Next Generation Spam Defense
http://commons.somewhere.com/buzz/  Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.


