data request on Sitefinder

• Previous message (by thread): data request on Sitefinder
• Next message (by thread): data request on Sitefinder
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 5:04 PM -0400 10/20/03, Richard Welty wrote:
>On Mon, 20 Oct 2003 16:31:45 -0400 "Steven M. Bellovin" 
><smb at research.att.com> wrote:
>
>>  A number of people havce responded that they don't want to be forced to
>>  pay for a change that will benefit Verisign.  That's a policy issue I'm
>>  trying to avoid here.  I'm looking for pure technical answers -- how
>>  much lead time do you need to make such changes safely?
>
>may i suggest another operational issue then?
>
>how does verisign plan to identify and notify all affected parties 
>when changes
>are proposed?
>
>for example, in the current case, how do they plan to identify every 
>party running
>postfix and inform them that they need to upgrade their MTA?
>
>this seems non-trivial to me.

Purely from an operational standpoint, it would be a mark of 
efficiency to have a central repository of who is running what.  That 
would mean that notifications would only be sent to those that need 
them, and also would provide objective information to determine how 
many organizations would be affected by a change.  In other words, 
something that actually would be useful.

Unfortunately, we have seen Verisign constantly take the position 
that information they learn through operations is their intellectual 
property, to be used as they see fit, and generally to be kept 
proprietary.

So if we try to separate operational from policy, we see white-winged 
ships sail by, carrying data that might be useful, but then have them 
crash on the rocks of stewardship of the data.

• Previous message (by thread): data request on Sitefinder
• Next message (by thread): data request on Sitefinder
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]