October 7 Archives

October 7, 2003

SecSAC Meeting Begins.

The SecSAC meeting on Sitefinder in Washington DC is about to begin.

General Meeting Information Agenda Webcast

Comments can be sent to

SECSAC: Hollenbeck (Verisign)

After Steve Crocker has finished his introductory remarks, Verisign's Scott Hollenbeck delivers his presentation on Sitefinder.

What is Sitefinder? Implementation. Technical Questions Raised. DNS Wildcard Guidelines. Questions?

Notes below. Most of what Hollenbeck says is (almost verbatim) what's in Verisign's response to the IAB, though.

Continue reading "SECSAC: Hollenbeck (Verisign)" »

SECSAC: Schairer

David Schairer (VP Software Engineering, XO Communications) speaks on consequences of sitefinder.

Continue reading "SECSAC: Schairer" »

SECSAC: Paul Vixie.

Paul Vixie presents. Observed workarounds.

Continue reading "SECSAC: Paul Vixie." »

SECSAC: Richard M. Smith

Richard M. Smith talks about information flow. Passing information to Omniture. Forms that point to expired domain names. Frames, pictures, scripts that are redirected to Sitefinder.

A lot of information is sent to sitefinder.

Fundamental point: Why not run sitefinder as applet in a web browser? Do it at the client side.

Continue reading "SECSAC: Richard M. Smith" »

SECSAC: Steve Bellovin.

Steve Crocker introduces Bellovin, "incredibly smart guy." Topic: Architectural issues.

Continue reading "SECSAC: Steve Bellovin." »

SECSAC: John Klensin; discussion.

Internet Protocols and Innovation. Starts by explaining interaction between MX and A records, and problems with early versions of Exchange and Outlook, taking up some remarks from Bellovin. Somewhat hard to understand over the webcast.

Continue reading "SECSAC: John Klensin; discussion." »

SECSAC: More Discussion.

Harold Feld: Does this break end-to-end? Getting into a war between Verisign and Microsoft?

Continue reading "SECSAC: More Discussion." »

SECSAC wrap-up

First, links into my notes: Hollenbeck, Schairer, Vixie, Smith, Bellovin, Klensin (+ discussion), final discussion. I suppose that electronic versions of the presentations will show up somewhere on the SecSAC site.

Nothing unexpected happened: Verisign tried to be collaborative with respect to fixing individual technical issues (suggesting, e.g., to introduce a wildcard MX record instead of running a bounce server), but did not seem willing to compromise on the design side of things.

The best presentations were clearly given by Bellovin and Klensin; however, they were hard to transcribe given the high information-per-time density. Both made the importance of the Internet's end-to-end design for innovation -- and the importance of a properly functioning DNS for that design -- abundantly clear. The message from their talks is that sitefinder is not just a bad idea because of individual side-effects, but because of the service's fundamental design.

Finally, the question asked by (I believe) K Claffy from CAIDA in the end of the meeting is indeed interesting: What kind of testing did Verisign actually perform before rolling out Sitefinder? What kinds of hard facts were generated during that testing process? (I'd add one more, though: How could the "snubby mail rejector daemon" survive any kind of rigorous testing?)


At today's meeting, Verisign's Chuck Gomes rhetorically asked whether the conclusion should be that innovation at the network's edges should be encouraged, even when it breaks standards, and that innovation at the network's center should be discouraged, even when it complies with standards.

Things are, of course, more difficult than that.

Continue reading ""Innovation"" »

About October 7

This page contains an archive of all entries posted to No Such Weblog in the October 7 category. They are listed from oldest to newest.

Movies is the previous category.

Rome 2004 is the next category.

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.
Powered by
Movable Type 3.35