On Thu, May 22, 2008 12:17, Jan Ingvoldstad wrote: > Since there appears to be some confusion regarding the impact of old IP > address entries for root servers, this blog entry by David Conrad may be > of interest, perhaps especially the comment by Bill Manning and David's > response:
Yes, I'm aware of that post. I think it shows no concrete security implications, even though it being "bad form". > Regarding the security considerations, I think it's strange that e.g. IP > address redelegation hasn't been mentioned. If this issue isn't resolved > as an update to the current stable distribution, people will be refering > to the old IP address for years to come, and who knows what happens to old > nameserver IP addresses in that time frame? It will be considered to be updated in the next stable point update (provided that the maintainer or someone else provides a fixed package and it's accepted by the stable release managers). We are not currently, however, considering to release it as a DSA. I've sought input on how other vendors regard this issue; if many other vendors will release advisories we may follow to prevent user confusion. I hope to get some input on that soon. > Should this _really_ rely on the goodwill of the people who at any moment > in time manages the IP address? It's very important to note here that the goodwill of people that manage the current IP addresses, connectivity or housing of any active root nameserver is equally relied upon. Thijs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
