data request on Sitefinder
Howard C. Berkowitz
hcb at gettcomm.com
Mon Oct 20 21:15:23 UTC 2003
At 5:04 PM -0400 10/20/03, Richard Welty wrote:
>On Mon, 20 Oct 2003 16:31:45 -0400 "Steven M. Bellovin"
><smb at research.att.com> wrote:
>
>> A number of people havce responded that they don't want to be forced to
>> pay for a change that will benefit Verisign. That's a policy issue I'm
>> trying to avoid here. I'm looking for pure technical answers -- how
>> much lead time do you need to make such changes safely?
>
>may i suggest another operational issue then?
>
>how does verisign plan to identify and notify all affected parties
>when changes
>are proposed?
>
>for example, in the current case, how do they plan to identify every
>party running
>postfix and inform them that they need to upgrade their MTA?
>
>this seems non-trivial to me.
Purely from an operational standpoint, it would be a mark of
efficiency to have a central repository of who is running what. That
would mean that notifications would only be sent to those that need
them, and also would provide objective information to determine how
many organizations would be affected by a change. In other words,
something that actually would be useful.
Unfortunately, we have seen Verisign constantly take the position
that information they learn through operations is their intellectual
property, to be used as they see fit, and generally to be kept
proprietary.
So if we try to separate operational from policy, we see white-winged
ships sail by, carrying data that might be useful, but then have them
crash on the rocks of stewardship of the data.
More information about the NANOG
mailing list