Re: dnssec keytrap vuln

2024-02-17 Thread Royce Williams
validation DoS vulnerabilities - both CVE-2023-50387 ("KeyTrap") and CVE-2023-50868 (NSEC3 vuln) - improvements welcome) -- Royce Williams Tech Solvency On Sat, Feb 17, 2024 at 1:11 AM Dave Taht wrote: > Really long list of fixed dns servers here: > > > https://www.linkedin

Re: NTP Sync Issue Across Tata (Europe)

2023-08-06 Thread Royce Williams
misuse_and_abuse# > <https://en.m.wikipedia.org/wiki/NTP_server_misuse_and_abuse#:~:text=NTP%20server%20misuse%20and%20abuse%20covers%20a%20number%20of%20practices,the%20NTP%20rules%20of%20engagement.> > > > -mel > > On Aug 6, 2023, at 12:03 PM, Royce Williams > wrote: >

Re: NTP Sync Issue Across Tata (Europe)

2023-08-06 Thread Royce Williams
Naively, instead of abstaining ;) ... isn't robust diversity of NTP peering a reasonable mitigation for this, as designed? Royce On Sun, Aug 6, 2023 at 10:21 AM Mel Beckman wrote: > William, > > Due to flaws in the NTP protocol, a simple UDP filter is not enough. These > flaws make it trivial

Re: FIDO2/Passkey now supported for 2FA for ARIN Online (was: Fwd: [arin-announce] New Features Added to ARIN Online)

2023-01-03 Thread Royce Williams
On Tue, Jan 3, 2023 at 11:59 AM John Curran wrote: > FYI - ARIN Online now has FIDO2/Passkey as an option for two-factor > authentication (2FA) - this is a noted priority for some organizations. > John - this is a great step forward! Kudos to the tech team who helped make the leap - it can be

Re: FYI - 2FA to become mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts

2022-05-27 Thread Royce Williams
On Fri, May 27, 2022, 9:55 PM Peter Beckman wrote: > Not to be confused with FIDO U2F, which is basically what TOTP 2FA is, > just implemented differently. > FIDO U2F is materially different from TOTP 2FA. With TOTP, there is no cryptographic validation of the requester / server. A user

CIDR string replacement

2020-10-02 Thread Royce Williams
The recent thread on CIDR aggregation cleanup scripts reminds me that I'm looking for a similarly efficient implementation of a related tool. (I'm gearing up to write my own in Perl, but don't want to reinvent the wheel.) I'd like a fast, Unix-pipeline-ready tool that *replaces* all IPs within

Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

2019-12-31 Thread Royce Williams
On Tue, Dec 31, 2019 at 7:46 AM Matt Harris wrote: > > On Tue, Dec 31, 2019 at 10:34 AM Royce Williams > wrote: > >> On Tue, Dec 31, 2019 at 7:17 AM Matt Harris wrote: >> >>> >>> The better solution here isn't to continue to support known-flawed

Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

2019-12-31 Thread Royce Williams
On Tue, Dec 31, 2019 at 7:32 AM Royce Williams wrote: > On Tue, Dec 31, 2019 at 7:17 AM Matt Harris wrote: > >> On Tue, Dec 31, 2019 at 9:11 AM Seth Mattinen wrote: >> >>> On 12/31/19 12:50 AM, Ryan Hamel wrote: >>> > Just let the old platforms

Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

2019-12-31 Thread Royce Williams
On Tue, Dec 31, 2019 at 7:17 AM Matt Harris wrote: > On Tue, Dec 31, 2019 at 9:11 AM Seth Mattinen wrote: > >> On 12/31/19 12:50 AM, Ryan Hamel wrote: >> > Just let the old platforms ride off into the sunset as originally >> > planned like the SSL implementations in older JRE installs, XP, etc.

Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

2019-12-31 Thread Royce Williams
On Tue, Dec 31, 2019 at 6:12 AM Seth Mattinen wrote: > On 12/31/19 12:50 AM, Ryan Hamel wrote: > > Just let the old platforms ride off into the sunset as originally > > planned like the SSL implementations in older JRE installs, XP, etc. You > > shouldn't be holding onto the past. > > > Because

Re: BGP/dDos gift from NIST

2019-12-25 Thread Royce Williams
On Wed, Dec 25, 2019 at 1:15 AM william manning wrote: > https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-189.pdf > I can't speak to the technical content, but this put a curdle in my morning coffee: "... that comprise the internet [sic]" . Et tu, NIST? I will die on this

Re: D'oH III: In 3-D! Plot Twist from Google/Chrome, Vixie approves?

2019-10-30 Thread Royce Williams
The difference is that Chrome won't use resolvers other than the ones you've configured yourself, and will simply opportunistically upgrade to DoH if they detect that those resolvers support it. In other words, there is no usurpation of administrative intent. Royce On Wed, Oct 30, 2019 at 7:30

Re: NTP for ASBRs?

2019-05-09 Thread Royce Williams
On Wed, May 8, 2019 at 11:12 PM Eric S. Raymond wrote: > Chris Adams : > > Once upon a time, Royce Williams said: > > > The La Crosse 404-1235UA-SS UltrAtomic (not affiliated, just a fan) > tracks > > > DST - and even leap seconds. They have much better reach than

Re: NTP for ASBRs?

2019-05-08 Thread Royce Williams
On Wed, May 8, 2019 at 7:16 PM Bryan Holloway wrote: > On 5/8/19 7:55 PM, Brian Kantor wrote: > > On Wed, May 08, 2019 at 07:47:56PM -0500, Bryan Holloway wrote: > >> 100% true. But there is also a practical side to this ... > >> > >> When a NOC-ling, in their own local timezone, says, "hey,

Re: Widespread Firefox issues

2019-05-04 Thread Royce Williams
On Sat, May 4, 2019 at 8:02 AM Royce Williams wrote: > On Sat, May 4, 2019 at 7:40 AM Royce Williams > wrote: > >> On Sat, May 4, 2019 at 7:32 AM Keith Medcalf wrote: >> >>> >>> I will stick to the "clearly false" since it is now well to the po

Re: Widespread Firefox issues

2019-05-04 Thread Royce Williams
On Sat, May 4, 2019 at 7:40 AM Royce Williams wrote: > On Sat, May 4, 2019 at 7:32 AM Keith Medcalf wrote: > >> >> I will stick to the "clearly false" since it is now well to the point >> where we are in 2019-05-04 (even in local UT1, let alone UTC), studies ar

Re: Widespread Firefox issues

2019-05-04 Thread Royce Williams
On Sat, May 4, 2019 at 7:32 AM Keith Medcalf wrote: > > I will stick to the "clearly false" since it is now well to the point > where we are in 2019-05-04 (even in local UT1, let alone UTC), studies are > disabled (and have been since forever), no studies have been loaded, and my > extensions

Re: Comcast storing WiFi passwords in cleartext?

2019-04-24 Thread Royce Williams
On Wed, Apr 24, 2019 at 8:33 PM Mike Bolitho wrote: > "than the relatively low risk of a database compromise leading to a >> miscreant getting ahold of their wireless password and using their access >> point as free wifi." >> > > And this is the thing, not only does someone have to 'hack' the

Re: plaintext email?

2019-01-14 Thread Royce Williams
And just imagine what email threading might be like today ... ... if early email clients had defaulted to displaying the *bottom* of the thread (as if you'd scrolled there). Thoughtful UX design matters. -- Royce Williams Tech Solvency On Mon, Jan 14, 2019 at 8:39 PM wrote: > A: Beca

Re: Amazon now controls 3.0.0.0/8

2018-11-08 Thread Royce Williams
Obligatory list of all known same-quad servers and their DNS status - corrections welcome: https://gist.github.com/roycewilliams/6cb91ed94b88730321ca3076006229f1 If there is info about previous/historical use of these IPs, I'd like to find a way to incorporate that as well. -- Royce On Thu,

Re: Security team objectives

2018-07-29 Thread Royce Williams
On Sun, Jul 29, 2018 at 8:58 PM wrote: > > On Mon, 30 Jul 2018 06:43:35 +0200, Ramy Hashish said: > > If you are going to start a security team in a newly founded IT > > organization, what will the objectives/results be? > > The answer will depend heavily on the organization that contains the IT

Re: Whois vs GDPR, latest news

2018-05-26 Thread Royce Williams
On Sat, May 26, 2018 at 4:57 PM Dan Hollis wrote: > I imagine small businesses who do a small percentage of revenue to EU > citizens will simply decide to do zero percentage of revenue to EU > citizens. The risk is simply too great. That would be a shame. I would expect

Re: Yet another Quadruple DNS?

2018-03-30 Thread Royce Williams
And FWIW, there are currently a few other same-quad open resolvers: # IP - desc | CIDR | recursion-yes 1.1.1.1 - APNIC-LABS - Research prefix for APNIC Labs (now Cloudflare distributed public recursive DNS) | 1/8 | recursion-yes 8.8.8.8 - Google LLC (public recursive DNS) | 8.8.8/24 |

Re: Yet another Quadruple DNS?

2018-03-30 Thread Royce Williams
On Fri, Mar 30, 2018 at 5:30 AM, Christopher Morrow wrote: > > On Thu, Mar 29, 2018 at 10:32 AM, Stephane Bortzmeyer > wrote: > > > Public DNS resolvers still help against "ordinary" adversaries. (If > > your enemy is the NSA, you have other problems,

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-03-01 Thread Royce Williams
On Thu, Mar 1, 2018 at 1:38 PM, Randy Bush wrote: > > > this is sort of why openbsd listens only on 127.0.0.1/::1 by default, > > right? it's the only sane choice for 'fresh out of the box' network > > daemons: "Yes, it's running, yes I can healthcheck it locally to prove > > it's

Re: Suggestions for a more privacy conscious email provider

2017-12-03 Thread Royce Williams
On Sun, Dec 3, 2017 at 10:31 AM, Grant Taylor via NANOG wrote: > On 12/03/2017 10:08 AM, Filip Hruska wrote: > >> It's kind of a pain to manage a mail server. >> > > I disagree. > > I have been running my own mail server for > 15 years and extremely happy > with it. > > I spend

Re: Please run windows update now

2017-05-15 Thread Royce Williams
On Fri, May 12, 2017 at 10:30 AM, Royce Williams <ro...@techsolvency.com> wrote: > My $0.02, for people doing internal/private triage: > > - If your use of IPv4 space is sparse by routes, dump your internal > routing table and convert to summarized CIDR. > > - Feed

Re: Please run windows update now

2017-05-12 Thread Royce Williams
My $0.02, for people doing internal/private triage: - If your use of IPv4 space is sparse by routes, dump your internal routing table and convert to summarized CIDR. - Feed your CIDRs to masscan [1] to scan for internal port 445 (masscan randomizes targets, so destination office WAN links won't

Re: WWV Broadcast Outages

2017-03-06 Thread Royce Williams
On Mon, Mar 6, 2017 at 5:12 AM, Andrew Gallo wrote: > > On 3/6/2017 3:55 AM, Majdi S. Abbas wrote: >> >> On Wed, Feb 22, 2017 at 04:59:53AM -0800, Hal Murray wrote: >>> >>> Any suggestions for gear and/or software that works with WWV (or CHU)? >>> Or general suggestions for non

Re: SHA1 collisions proven possible

2017-03-01 Thread Royce Williams
On Wed, Mar 1, 2017 at 7:57 PM, James DeVincentis via NANOG wrote: [ reasonable analysis snipped :) ] > With all of these reasons all wrapped up. It clearly shows the level of hype > around this attack is the result of sensationalist articles and clickbait > titles. I have

Re: SHA1 collisions proven possible

2017-02-23 Thread Royce Williams
We just need to keep the likely timeline in mind. As I saw someone say on Twitter today ... "don't panic, just deprecate". Valerie Aurora's hash-lifecycle table is very informative (emphasis mine): http://valerieaurora.org/hash.html Reactions to stages in the life cycle of cryptographic hash

Re: Akamai and Instagram Ranges

2017-01-28 Thread Royce Williams
On Sat, Jan 28, 2017 at 2:22 AM, Shahab Vahabzadeh wrote: > > Hello Hello, > Can anybody help me to find out IP Address Ranges of Akamai and Instagram? > I wanna do some optimizations on my cache side? > Thanks I do not know the difference between Akamai's corporate

Re: DNS CAA records...

2017-01-17 Thread Royce Williams
On Tue, Jan 17, 2017 at 3:04 PM, Eric Tykwinski wrote: > So I’ve come across this on Qualys and just wondering if there’s any > practical examples out there in the wild. > I know some BIND guys are on here, so I’m sure I’m missing something from the > RFCs. > Just wanted

Re: Recent NTP pool traffic increase

2016-12-22 Thread Royce Williams
On Thu, Dec 22, 2016 at 4:05 PM, Harlan Stenn wrote: > This sort of misconfiguration will happen and the NTP Pool Project > clearly isn't the place to solve this problem overall. It *is* > something NTF is in a position to address. Harlan, could you be more specific about how

Re: Wanted: volunteers with bandwidth/storage to help save climate data

2016-12-21 Thread Royce Williams
beat it into a plowshare. :) Royce >> On Dec 21, 2016, at 22:16, Royce Williams <ro...@techsolvency.com> wrote: >> >> On Tue, Dec 20, 2016 at 7:08 AM, Royce Williams <ro...@techsolvency.com> >> wrote: >> >> [snip] >> >>> IM

Re: Wanted: volunteers with bandwidth/storage to help save climate data

2016-12-21 Thread Royce Williams
On Tue, Dec 20, 2016 at 7:08 AM, Royce Williams <ro...@techsolvency.com> wrote: [snip] > IMO, *operational, politics-free* discussion of items like these would > also be on topic for NANOG: > > - Some *operational* workarounds for country-wide blocking of > Facebook, Wha

Re: Wanted: volunteers with bandwidth/storage to help save climate data

2016-12-21 Thread Royce Williams
On Wed, Dec 21, 2016 at 3:49 PM, Ken Chase wrote: > On Wed, Dec 21, 2016 at 04:41:29PM -0800, Doug Barton said: > [..] > >>Everyone has a line at which "I don't care what's in the pipes, I just > >>work here" changes into something more actionable. > > > >Stretched far

Re: Recent NTP pool traffic increase

2016-12-20 Thread Royce Williams
On Tue, Dec 20, 2016 at 8:19 PM, Royce Williams <ro...@techsolvency.com> wrote: > On Tue, Dec 20, 2016 at 8:04 PM, Yury Shefer <she...@gmail.com> wrote: >> >> Google announced public NTP service some time ago: >> https://developers.google.com/time/ > > Lea

Re: Recent NTP pool traffic increase

2016-12-20 Thread Royce Williams
On Tue, Dec 20, 2016 at 8:04 PM, Yury Shefer wrote: > > Google announced public NTP service some time ago: > https://developers.google.com/time/ Leap smearing does look interesting as a way to sidestep the potentially-jarring leap-second problem ... but a note of caution. I've

Re: Wanted: volunteers with bandwidth/storage to help save climate data

2016-12-20 Thread Royce Williams
On Sat, Dec 17, 2016 at 6:15 PM, Doug Barton wrote: > On 12/16/2016 1:48 PM, Hugo Slabbert wrote: >> >> This started as a technical appeal, but: >> >> https://www.nanog.org/list >> >> 1. Discussion will focus on Internet operational and technical issues as >> described in the

Re: Recent NTP pool traffic increase

2016-12-20 Thread Royce Williams
On Mon, Dec 19, 2016 at 12:49 PM, Dan Drown wrote: > Quoting David : >> >> On 2016-12-19 1:55 PM, Jan Tore Morken wrote: >>> >>> On Mon, Dec 19, 2016 at 01:32:50PM -0700, David wrote: I found devices doing lookups for all of these at the same time

Re: Wanted: volunteers with bandwidth/storage to help save climate data

2016-12-16 Thread Royce Williams
See also: https://twitter.com/textfiles/status/808715999042117632 https://twitter.com/textfiles/status/808922272551550976 Jason Scott @textfiles When your boss gives you the goahead to mirror 200tb of NOAA data, you run with it Don't let the fact that The Internet Archive is all over

Re: dilemmas

2016-11-02 Thread Royce Williams
On Wed, Nov 2, 2016 at 6:47 PM, William Herrin wrote: > On Wed, Nov 2, 2016 at 10:39 PM, Randy Bush wrote: > > the sysadmins' dilemma: do you install today's critical update or wait a > > day until the next one is out before you reboot 50 servers? > > Neither. You

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Royce Williams
On Mon, Sep 26, 2016 at 7:23 AM, Mark Milhollan wrote: > > On Sun, 25 Sep 2016, Stephen Satchell wrote: > > >Yeah, right. I looked at BCP38.info, and there is very little concrete > >information. > > Yeah, it's pretty naked. But how-to isn't the usual stumbling block, as >

Re: Chinese root CA issues rogue/fake certificates

2016-08-31 Thread Royce Williams
On Tue, Aug 30, 2016 at 9:11 PM, Royce Williams <ro...@techsolvency.com> wrote: > On Tue, Aug 30, 2016 at 8:38 PM, Eric Kuhnke <eric.kuh...@gmail.com> wrote: >> >> http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html >> >> One of the lar

Re: Chinese root CA issues rogue/fake certificates

2016-08-30 Thread Royce Williams
On Tue, Aug 30, 2016 at 8:38 PM, Eric Kuhnke wrote: > > http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html > > One of the largest Chinese root certificate authority WoSign issued many > fake certificates due to a vulnerability. WoSign's free certificate

Re: Firewall list recommendations (config conversion options)

2016-04-25 Thread Royce Williams
It might also be interesting to post some redacted/simplified examples of both formats. If the conversion is "just" text manipulation and reworking of logic, it might not be hard to cobble something basic together quickly, and then crowdsource improvements quickly on Github. Royce On Mon, Apr

Re: finding whois servers, was .pro whois registry down?

2016-03-10 Thread Royce Williams
On Thu, Mar 10, 2016 at 6:57 AM, John R. Levine wrote: >>> >>> I've set up .ws.sp.am (that's ws for Whois Server) which is >>> updated every day from a variety of sources so it's pretty accurate. >>> It's had the right server for pro.ws.sp.am all along. > > >> Hey, that's

Re: finding whois servers, was .pro whois registry down?

2016-03-10 Thread Royce Williams
On Thu, Mar 10, 2016 at 4:32 AM, John Levine wrote: > > _whois._tcp.pro. srv 0 100 43 whois.afilias.net. > > A swell idea, but unfortunately the idea of putting SRV records in > gTLD zones makes heads at ICANN explode. For RDAP there's a registry > at IANA but it's not

Re: FW: [tld-admin-poc] Fwd: Re: .pro whois registry down?

2016-03-09 Thread Royce Williams
On Wed, Mar 9, 2016 at 3:54 PM, Mark Andrews wrote: > > Additionally 'whois' is free form text. Whois doesn't include an > AI to work out what this free form text means so, no, there isn't an > actual referral for a whois application to use. I'm not affiliated, but there are a

Re: remote serial console (IP to Serial)

2016-03-08 Thread Royce Williams
On Tue, Mar 8, 2016 at 10:21 AM, Hugo Slabbert wrote: > On Tue 2016-Mar-08 19:10:14 +, Gavin Henry > wrote: > > Really love the Opengear IM range. We use IM4216's >> > > I'm surprised no one's mentioned freetserv[1] yet. I haven't used them so >

Re: Congrats to SMB!

2016-02-18 Thread Royce Williams
On Thu, Feb 18, 2016 at 5:40 AM, Jay R. Ashworth wrote: > Let me be, apparently, the first to extend congratulations to long time > NANOGer, Columbia CS professor, security researcher, and co-inventor of > Usenet -- does anybody remember Usenet? :-) -- Steven M. Bellovin, who, >

Re: Team Cymru BGP bogon status ???

2016-01-31 Thread Royce Williams
No direct knowledge, but from comments on another list, it may be intermittent. Jason Fesler of test-ipv6.com reported on Jan 30 2016 at 2:08 PM PST that his Team Cymru API connections for ISP ASN and Name checks broke, and pushed a workaround to all test nodes. He then reported at 7:30 PM PST

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Royce Williams
On Fri, Dec 18, 2015 at 8:03 AM, Steven M. Bellovin wrote: > On 18 Dec 2015, at 11:52, Steven M. Bellovin wrote: > >> On 18 Dec 2015, at 7:28, Dave Taht wrote: >> >>> I think "unauthorized code" is still plausible newspeak for "bug". >>> >>> Why blame finger foo when you

Re: IEEE OUI regauth (search ?) site

2015-12-09 Thread Royce Williams
On Wed, Dec 9, 2015 at 6:32 AM, Brandon Applegate wrote: > They’ve made some changes recently - I had a perl script that would do the > lookup and scrape live - it was great. It broke a week or so ago. > > This seems to be the page to search for OUI: > >

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Royce Williams
On Sat, Nov 14, 2015 at 3:34 AM, Roland Dobbins wrote: >> >> More likely this is going to be iterations of what is already being more widely accepted. Downloadable pre-configured client software that works with a particular VPN service. > > > Again, downloading is a barrier to

Re: DNSSEC and ISPs faking DNS responses

2015-11-13 Thread Royce Williams
On Fri, Nov 13, 2015 at 8:28 PM, Roland Dobbins wrote: > On 14 Nov 2015, at 11:32, Owen DeLong wrote: > > Go out onto the street and ask a random number of people over 30 if they >> know what a URL is and how to enter one into a browser. >> > > They don't know what URIs are,

Re: The spam is real

2015-10-26 Thread Royce Williams
On Mon, Oct 26, 2015 at 9:10 AM, Pablo Lucena wrote: > On Sun, Oct 25, 2015 at 12:22 AM, Josh Luthman < > j...@imaginenetworksllc.com> > wrote: > > > Can we please get a filter for messages with the subject "Fw: new > message" > > ??? > > > So far I've dealt with it

Re: /27 the new /24

2015-10-12 Thread Royce Williams
On Mon, Oct 12, 2015 at 7:23 AM, Todd Underwood wrote: > > it's also not entirely obvious what the point of having local IXes > that serve these kinds of collections of people. > > how much inter-ASN traffic is there generally for a city of 100k > people, even if they all

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

2015-09-29 Thread Royce Williams
On Tue, Sep 29, 2015 at 7:12 AM, Job Snijders wrote: > > Hi Bob, > > On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote: > > This seems like a very good proper civil approach - maybe this or > > something like it ARIN might help promote and endorse as a benefit to > >

Re: Ear protection

2015-09-23 Thread Royce Williams
On Wed, Sep 23, 2015 at 1:34 AM, Nick Hilliard wrote: > What are people using for ear protection for datacenters these days? For me, it depends on the use case. If I need to monitor for other sounds, or listen to music: Bose QuietComfort 15 - discontinued, but still at

Re: Synful Knock questions...

2015-09-16 Thread Royce Williams
HD Moore just posted the results of a full-Internet ZMap scan. I didn't realize that it was remotely detectable. 79 hosts total in 19 countries. https://zmap.io/synful/ Royce

Re: merry xmas

2014-12-24 Thread Royce Williams
On Wed, Dec 24, 2014 at 9:27 AM, Ken Chase m...@sizone.org wrote: (mtr|lft|traceroute) xmas.futile.net And be sure to crank up the max hops a little higher than 100. Royce

Re: merry xmas

2014-12-24 Thread Royce Williams
On Wed, Dec 24, 2014 at 9:38 AM, Jeroen Massar jer...@massar.ch wrote: On 2014-12-24 19:27, Ken Chase wrote: (mtr|lft|traceroute) xmas.futile.net Welcome to the end of 2014. If you are going to do a silly traceroute thing that has been done thousands of times before, at least use this new

Re: Bounce action notifications - NANOG mailing list changes yahoo.com users

2014-10-10 Thread Royce Williams
On Fri, Oct 10, 2014 at 7:31 AM, Steve Atkins st...@blighty.com wrote: If your domain publishes p=reject it should not have any users that participate in mailing lists. Like many, I was pretty unhappy (and busy) with the unilateral changes made by Yahoo and AOL. But this understandable stance

Re: Bounce action notifications - NANOG mailing list changes yahoo.com users

2014-10-09 Thread Royce Williams
On Thu, Oct 9, 2014 at 2:20 PM, Andrew Koch a...@gawul.net wrote: To correct this moving forward, selective rewriting of the from header has been recommended, but requires an upgrade to the Mailman software. If the admins have settled on a best practice, it could help other Mailman operators

Re: IPv6 Default Allocation - What size allocation are you giving out

2014-10-08 Thread Royce Williams
On Wed, Oct 8, 2014 at 8:07 PM, Faisal Imtiaz fai...@snappytelecom.net wrote: Like I said, this was my understanding I am glad that it is being pointed out to be in-correct I don't have a reason for why a /64 as much as I also don't have any reason Why NOT So, let me ask the

Re: GMail contact - misroute / security issue

2014-09-28 Thread Royce Williams
On Sun, Sep 28, 2014 at 7:42 PM, Grant Taylor gtay...@tnetconsulting.net wrote: My wife is receiving someone else's emails. Specifically she is receiving emails for first namemiddle initiallast name@gmail.com (no dots) when her email address is really same first name.same middle initial.same

Re: no more Send through Gmail option

2014-09-05 Thread Royce Williams
On Fri, Sep 5, 2014 at 2:15 PM, Eduardo A. Suárez esua...@fcaglp.fcaglp.unlp.edu.ar wrote: Hi, according to this thread: https://productforums.google.com/forum/#!category-topic/gmail/GyeMcHv1U-g%5B1-25-false%5D Gmail isn't allowing anymore Send through Gmail option. Yep. Existing

Re: no more Send through Gmail option

2014-09-05 Thread Royce Williams
On Fri, Sep 5, 2014 at 3:01 PM, Hugo Slabbert h...@slabnet.com wrote: If it really was more the former, there would be a if your SPF records include:_spf.google.com, you can still do it option, IMO. Manager: So, you're saying if we just check the SPF record when they set up the account, we

Re: NAT IP and Google

2014-05-22 Thread Royce Williams
On Thu, May 22, 2014 at 7:26 AM, Derek Andrew derek.and...@usask.ca wrote: As others have said, Google's abuse systems are smart enough to understand NAT and proxies, and won't block on request volume alone. When we automatically apply a block, we'll generally offer a captcha to give innocent

Re: AOL Mail updates DMARC policy to 'reject'

2014-04-25 Thread Royce Williams
On Fri, Apr 25, 2014 at 7:43 AM, Shrdlu shr...@deaddrop.org wrote: On 4/25/2014 8:00 AM, Leo Bicknell wrote: On Apr 23, 2014, at 12:45 AM, Grant Ridder shortdudey...@gmail.com wrote: Thought I would throw this out there. Curious I unleashed grep on a couple of mailing lists I operate. I

Yahoo DMARC breakage

2014-04-09 Thread Royce Williams
Am I interpreting this correctly -- that Yahoo's implementation of DMARC is broken, such that anyone using a Yahoo address to participate in a mailing list is dead in the water? http://www.ietf.org/mail-archive/web/ietf/current/msg87153.html

Re: Filter on IXP

2014-03-02 Thread Royce Williams
On Sun, Mar 2, 2014 at 4:00 AM, Nick Hilliard n...@foobar.org wrote: There are many places where automated RPF makes a lot of sense. An IXP is not one of them. That make sense. Everyone is rightly resistant to automated filtering. But could we automate getting the word out instead? Can

Re: Filter NTP traffic by packet size?

2014-02-23 Thread Royce Williams
Newb question ... other than retrofitting, what stands in the way of making BCP38 a condition of peering? Royce

Re: Filter NTP traffic by packet size?

2014-02-23 Thread Royce Williams
On Sun, Feb 23, 2014 at 10:48 AM, Royce Williams ro...@techsolvency.com wrote: Newb question ... other than retrofitting, what stands in the way of making BCP38 a condition of peering? In other words ... if it's a problem of awareness, could upstreams automate warning their downstreams? What

Re: anybody seeing mail problems sending to yahoo.com? (and a yahoo email contact?)

2014-01-04 Thread Royce Williams
deferred due to user complaints'. Royce Williams On Sat, Jan 4, 2014 at 6:05 AM, Miles Fidelman mfidel...@meetinghouse.net wrote: Hi Folks, I run a few small email lists that have some yahoo users on them - and I just started getting complaints about receiving multiple copies of messages

Re: The US government has betrayed the Internet. We need to take it back

2013-09-06 Thread Royce Williams
On Fri, Sep 6, 2013 at 6:27 AM, Naslund, Steve snasl...@medline.com wrote: [snip] 1. We vote in a new executive branch every four years. They control and appoint the NSA director. Vote them out if you don't like how they run things. Do you think a President wants to maintain power? Of

Re: The US government has betrayed the Internet. We need to take it back

2013-09-06 Thread Royce Williams
On Fri, Sep 6, 2013 at 6:55 AM, Royce Williams ro...@techsolvency.com wrote: Daniel Ellsberg's attempt to explain this to Kissinger is insightful. It's a pretty quick read, with many layers of important observations. (It's Mother Jones, but this content is apolitical): http

Re: The US government has betrayed the Internet. We need to take it back

2013-09-06 Thread Royce Williams
On Fri, Sep 6, 2013 at 8:02 AM, Naslund, Steve snasl...@medline.com wrote: I am unclear on what you mean by technical choice. Are you talking about a technical solution to keep the government from seeing your traffic? That will not work for two main reasons. [good reasons snipped] Ah, I

Re: Yahoo is now recycling handles

2013-09-05 Thread Royce Williams
On Thu, Sep 5, 2013 at 9:28 AM, Kee Hinckley naz...@marrowbones.com wrote: On Sep 4, 2013, at 9:47 PM, Leo Bicknell bickn...@ufp.org wrote: I've got to apologize publicly to Yahoo! here as part of my issue was my own stupidity. It appears in the past I've had multiple Yahoo! ID's and I was