Em 29/08/2014, à(s) 12:40:000, David Conrad <[email protected]> escreveu:
> Hi, > > On Aug 28, 2014, at 11:59 PM, Patrik Fältström <[email protected]> wrote: >> On 29 aug 2014, at 07:04, SM <[email protected]> wrote: >>> At 14:13 28-08-2014, Rod Rasmussen wrote: >>>> I note that these documents speak to many of the issues being exposed here >>>> (and yes, full disclosure, I wrote a small portion of the text/reviewed >>>> them): >>> >>> Was there a response to those issues? > > For details of ICANN’s efforts related to name collisions, please see > https://www.icann.org/resources/pages/name-collision-2013-12-06-en. > >> Some, but also referrals to issues still under a disclosure policy not made >> public. > > For clarification: > > During the analysis associated with name collision, JAS Global Advisors > discovered a vulnerability. In keeping with ICANN’s “Coordinated > Vulnerability Disclosure Reporting” policy, JAS notified ICANN and the > affected vendor(s). The exact nature of the vulnerability has not yet been > released as the vendor(s) work to mitigate the potential impact of the > vulnerability. > > Full disclosure: I was on contract to JAS during their name collision efforts > and have since joined ICANN. David, Does the affected vendor(s) have an expected forecast to address the vulnerability so JAS/ICANN can come forward with the issue ? Rubens _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
