Re: Something that should put a smile on everybody's face today

2021-04-28 Thread Bryan Fields
On 4/28/21 1:50 AM, Mel Beckman wrote:
> NANOG is not the right place to post this. This list is not an “interesting
> news group”, and as fascinating as the patent troll take down is, it has
> nothing to do with operational issues. Read the AUP, if you don’t believe
> me. Item 8:
> 
> Posts of a political, philosophical, or legal nature are prohibited.

Mel,

Looking at the usage guidelines
https://www.nanog.org/resources/usage-guidelines/, did you notice the section
"How to report a violation of these guidelines"?  #1 states "Subscribers who
are subject to or wish to report a violation of these guidelines should
contact us at admins [at] nanog.org."  Did you make such a complaint?

I didn't notice anything stating reporting it on-list is an option.  In fact
rule #15 seems to prohibit filing complaints on list.  I'm certainly not going
to make a formal complaint over what I'm sure is an out-of-character email.

FWIW, I found this of great interest.  The existence of overly broad patents
such as this harms the entire operator community and internet in general.
-- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net


Re: Something that should put a smile on everybody's face today

2021-04-28 Thread George Metz
Respectfully Mel, the patent with Blackbird may well have been that -
my reading of the past case agrees with yours for the most part - but
the current case is Sable Networks suing Cloudflare over a patent
involving routers. Given the patent involved and the choice of
Cloudflare as a target, this well could snowball into a situation
where ANYONE using a router would be considered to be infringing, and
I submit that such a broad possible hit against the operator community
in general is most certainly a danger that operators should be aware
of, and if possible assist with defeating.

I'm well aware you said you were folding, but I think you were
accidentally looking at only the original case from a couple of years
ago, not the current case that is what brought this up - which is why
a number of us feel it meets the letter of the rules, as well as the
spirit.

George

On Wed, Apr 28, 2021 at 2:26 PM Mel Beckman  wrote:
>
> Bill,
>
> Blackbird chooses its victims based on whether any of a couple dozen vague 
> patents they hold can plausibly be used to extort money out of a victim 
> company. BB doesn’t go after service providers in particular, it just happens 
> to have chosen a service provider (unwisely, it turns out) in this case.
>
> There are no operational issues here. No individual Internet protocol or 
> technology “many of  us use” was named. The patent was invalid on its face, 
> as it only described an abstract idea — “Providing an internet third party 
> data channel” — in the most general terms possible, not as an invention, as 
> required by U.S. patent law.
>
> The only difference between Cloudflare and BB’s other victims was that, rather 
> than compute the instant cost-benefit analysis most companies do (“It will 
> cost us tens of thousands to fight this, but only a few thousand to settle” 
> ), Cloudflare valiantly chose to stand on principle, rather than mathematics, 
> and fought the claim. By that simple act, the case by BB was thrown out 
> virtually instantaneously.
>
> Judge Vince Chhabria held that “abstract ideas are not patentable” and 
> Blackbird’s assertion of the patent “attempts to monopolize the abstract idea 
> of monitoring a preexisting data stream between a server and a client” was 
> not an invention. The case was rejected before it started because the court 
> found Blackbird’s patent to be invalid.
>
> The choice to fold or fight in a patent troll battle is clearly a 
> philosophical one, not a network operational decision. Now, rather than 
> lengthen this out-of-policy thread further, I will take the non-valiant 
> “fold” path, and leave the rest of you to your perpetual arguments.
>
>  -mel
>
> On Apr 28, 2021, at 10:41 AM, William Herrin  wrote:
>
> On Wed, Apr 28, 2021 at 10:20 AM Mel Beckman  wrote:
>
> This dispute is no different than if they had gotten into an argument
>
> over a copier toner scammer.
>
>
> Hi Mel,
>
> If the patents at issue pertained to copier toner I might agree with
> you. They're networking patents purporting to govern technologies many
> if not most of us use.
>
> Regards,
> Bill Herrin
>
>
> --
> William Herrin
> b...@herrin.us
> https://bill.herrin.us/


Re: Myanmar internet - something to think about if you're having a bad day

2021-04-28 Thread Eric Kuhnke
None of them are a good option. In the specific case of Pakistan, the
periodic shutdowns and blockages have been 'moderate' enough, if that's an
appropriate word to use, that *most* of the time, Telenor's customers have
ordinary Internet service. Over the long run it is probably a benefit that
its customers have their LTE data services.

Within that specific example I should also note that there has been very
little effort put on a nation-wide scale to implement technology which can
do DPI and drop/blackholing of VPN traffic. Even though the Internet
traffic for the country runs through a few choke points, there does not
appear to be government-operated technical capability or the budget to
implement something on the scale of the great firewall.

There's plenty of non technical teenagers in Pakistan with VPN clients on
their phone or laptop who seem perfectly capable of using a VPN to watch
Youtube or access Twitter and other social media, during the periods of
time that the government orders things to be blocked.

Along with all feasible attempts at lobbying, I would propose a 4th
alternate to the scenarios outlined, which is to provide funding and
financial support (from a telecom's headquarters in Europe or the USA) for
civil society institutions and non-profits related to bypassing Internet
censorship, and lobbying against it. Such as the EFF, funding for the tor
project, supporting the work of various GPL/BSD licensed VPN technologies
(openvpn, wireguard, etc) and their continuing development, etc.




On Wed, Apr 28, 2021 at 11:03 AM Christopher Morrow 
wrote:

> (I'm sure i'll regret this, but...)
>
> On Wed, Apr 28, 2021 at 1:48 PM Eric Kuhnke  wrote:
>
>> It should be noted that Telenor has been one of the nationwide license
>> holders for 3GPP cellular bands in Pakistan for a long time, and has
>> encountered the same issues with regional network shutdowns, and government
>> orders to block certain netblocks or services.
>>
>> Not to the same extent as what's going on right now in Myanmar, but
>> absolutely it meets the definition of what a (western European, North
>> American) person would consider to be unconscionable and unwarranted
>> government Internet censorship and interference with telecoms.
>>
>>>
>>>
> So, what would be the correct set of actions here (for a company)?
>
> it sounds like some version of the proposal is:
>   "Pull up stakes, stop offering services in places that may/do impose
> 'draconian' methods of 'censorship'"
>  (note intentionally quoted draconian/censorship - I don't mean/want
> to put a value on those words)
>
> or perhaps:
>   "Lobby the gov't(s) in these situations to NOT do the things they keep
> doing"
>
> or finally:
>   "refuse to comply with requests/orders from govt(s) to do these things"
>
> I think the last is 'impractical', I expect the 1st is also a tough pill
> to swallow for a large multinational telecom... the middle may already be
> being done, but is unlikely to help.
>
> So, aside from: you ought not do that! from
> the sidelines... what should a responsible Corpo do?
>


Re: Something that should put a smile on everybody's face today

2021-04-28 Thread Mel Beckman
Bill,

Blackbird chooses its victims based on whether any of a couple dozen vague 
patents they hold can plausibly be used to extort money out of a victim 
company. BB doesn’t go after service providers in particular, it just happens 
to have chosen a service provider (unwisely, it turns out) in this case.

There are no operational issues here. No individual Internet protocol or 
technology “many of  us use” was named. The patent was invalid on its face, as 
it only described an abstract idea — “Providing an internet third party data 
channel” — in the most general terms possible, not as an invention, as required 
by U.S. patent law.

The only difference between Cloudflare and BB’s other victims was that, rather 
than compute the instant cost-benefit analysis most companies do (“It will cost 
us tens of thousands to fight this, but only a few thousand to settle” ), 
Cloudflare valiantly chose to stand on principle, rather than mathematics, and 
fought the claim. By that simple act, the case by BB was thrown out virtually 
instantaneously.

Judge Vince Chhabria held that “abstract ideas are not patentable” and 
Blackbird’s assertion of the patent “attempts to monopolize the abstract idea 
of monitoring a preexisting data stream between a server and a client” was not 
an invention. The case was rejected before it started because the court found 
Blackbird’s patent to be invalid.

The choice to fold or fight in a patent troll battle is clearly a philosophical 
one, not a network operational decision. Now, rather than lengthen this 
out-of-policy thread further, I will take the non-valiant “fold” path, and 
leave the rest of you to your perpetual arguments.

 -mel

On Apr 28, 2021, at 10:41 AM, William Herrin  wrote:

On Wed, Apr 28, 2021 at 10:20 AM Mel Beckman  wrote:
This dispute is no different than if they had gotten into an argument
over a copier toner scammer.

Hi Mel,

If the patents at issue pertained to copier toner I might agree with
you. They're networking patents purporting to govern technologies many
if not most of us use.

Regards,
Bill Herrin


--
William Herrin
b...@herrin.us
https://bill.herrin.us/


Re: Myanmar internet - something to think about if you're having a bad day

2021-04-28 Thread Christopher Morrow
(I'm sure i'll regret this, but...)

On Wed, Apr 28, 2021 at 1:48 PM Eric Kuhnke  wrote:

> It should be noted that Telenor has been one of the nationwide license
> holders for 3GPP cellular bands in Pakistan for a long time, and has
> encountered the same issues with regional network shutdowns, and government
> orders to block certain netblocks or services.
>
> Not to the same extent as what's going on right now in Myanmar, but
> absolutely it meets the definition of what a (western European, North
> American) person would consider to be unconscionable and unwarranted
> government Internet censorship and interference with telecoms.
>
>>
>>
So, what would be the correct set of actions here (for a company)?

it sounds like some version of the proposal is:
  "Pull up stakes, stop offering services in places that may/do impose
'draconian' methods of 'censorship'"
 (note intentionally quoted draconian/censorship - I don't mean/want to
put a value on those words)

or perhaps:
  "Lobby the gov't(s) in these situations to NOT do the things they keep
doing"

or finally:
  "refuse to comply with requests/orders from govt(s) to do these things"

I think the last is 'impractical', I expect the 1st is also a tough pill to
swallow for a large multinational telecom... the middle may already be being
done, but is unlikely to help.

So, aside from: you ought not do that! from
the sidelines... what should a responsible Corpo do?


Re: Myanmar internet - something to think about if you're having a bad day

2021-04-28 Thread Eric Kuhnke
It should be noted that Telenor has been one of the nationwide license
holders for 3GPP cellular bands in Pakistan for a long time, and has
encountered the same issues with regional network shutdowns, and government
orders to block certain netblocks or services.

Not to the same extent as what's going on right now in Myanmar, but
absolutely it meets the definition of what a (western European, North
American) person would consider to be unconscionable and unwarranted
government Internet censorship and interference with telecoms.

They've shown no signs of pulling out of Pakistan or making operational
changes as a result of this, over the past ten years. My personal opinion
is that Telenor (PK) has weighed the risks, and judged that they possess
neither the political capital, influence or leverage to ignore the
government's occasional Internet shutdown orders.

"Westerners" might be surprised to learn the extent that some of the major
international/developing-nation specialist 3GPP carriers seem to be quite
fine with operating in non-democratic regimes and bending their telecom's
operational policies to suit local laws. In particular I'm thinking of the
above Telenor example, but also MTN in many nations in Africa, Orange, and
Airtel, in their operations in many different nations.

Then on the other hand you have telecom entities which originate from
highly censored political systems, one of the other 3GPP band operators in
Pakistan (Zong) is owned by a Chinese domestic telecom company.







On Mon, Apr 26, 2021 at 11:51 PM Bjørn Mork  wrote:

> scott  writes:
>
> > Telenor and Ooredoo, it's time to do the right thing.
>
> Wrt Telenor, please see the info posted at
>
> https://www.telenor.com/sustainability/responsible-business/human-rights/mitigate/human-rights-in-myanmar/directives-from-authorities-in-myanmar-february-2021/
>
>
> Bjørn
>


Re: Something that should put a smile on everybody's face today

2021-04-28 Thread Mel Beckman
Michael,

No, I explained very clearly that my comments about DoD address space were not 
related to any single party — in fact, government malfeasance with citizen data 
has gone on equally with every administration since J. Edgar Hoover ran the 
FBI. THAT is clearly an operational issue, since operators have to decide if 
they’re going to let this bizarre IP space enter their networks.

But your comments do drip — with venom and bile — so this conversation is over.

 -mel

On Apr 28, 2021, at 10:28 AM, Michael Thomas  wrote:




On 4/28/21 10:19 AM, Mel Beckman wrote:
Michael,

Sorry, but Cloudflare wasn’t sued because they’re a service provider. This 
dispute is no different than if they had gotten into an argument over a copier 
toner scammer. And your snide remark about my comments, claiming they are 
political, is uncalled for.  I fastidiously avoid making political comments, 
and take pains to explain my operational concerns if there might be any doubt 
(as I did with the Parler cancellations).

I never said the copyright troll issue isn’t important. It just doesn’t belong 
on NANOG. It hinges entirely on philosophical issues with the PTO.


Snort. Your gubbermint conspiracy theories about the DoD address space dripped 
of politics.

They were sued because they are a service provider with money and they are 
fighting back asking for the community to help out. As William said, that seems 
pretty on-topic to me. This community is in a good position to provide that 
help which would be of benefit to NANOG in general. Again, on-topic for network 
operators.

Mike


Re: Something that should put a smile on everybody's face today

2021-04-28 Thread William Herrin
On Wed, Apr 28, 2021 at 10:20 AM Mel Beckman  wrote:
> This dispute is no different than if they had gotten into an argument
> over a copier toner scammer.

Hi Mel,

If the patents at issue pertained to copier toner I might agree with
you. They're networking patents purporting to govern technologies many
if not most of us use.

Regards,
Bill Herrin


-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/


Re: Something that should put a smile on everybody's face today

2021-04-28 Thread Michael Thomas


On 4/28/21 10:19 AM, Mel Beckman wrote:

Michael,

Sorry, but Cloudflare wasn’t sued /because/ they’re a service provider. 
This dispute is no different than if they had gotten into an argument 
over a copier toner scammer. And your snide remark about my comments, 
claiming they are political, is uncalled for.  I fastidiously avoid 
making political comments, and take pains to explain my operational 
concerns if there might be any doubt (as I did with the Parler 
cancellations).


I never said the copyright troll issue isn’t important. It just 
doesn’t belong on NANOG. It hinges entirely on philosophical issues 
with the PTO.


Snort. Your gubbermint conspiracy theories about the DoD address space 
dripped of politics.


They were sued because they are a service provider with money and they 
are fighting back asking for the community to help out. As William said, 
that seems pretty on-topic to me. This community is in a good position 
to provide that help which would be of benefit to NANOG in general. 
Again, on-topic for network operators.


Mike



Re: Something that should put a smile on everybody's face today

2021-04-28 Thread Mel Beckman
Michael,

Sorry, but Cloudflare wasn’t sued because they’re a service provider. This 
dispute is no different than if they had gotten into an argument over a copier 
toner scammer. And your snide remark about my comments, claiming they are 
political, is uncalled for.  I fastidiously avoid making political comments, 
and take pains to explain my operational concerns if there might be any doubt 
(as I did with the Parler cancellations).

I never said the copyright troll issue isn’t important. It just doesn’t belong 
on NANOG. It hinges entirely on philosophical issues with the PTO.

 -mel

On Apr 28, 2021, at 9:54 AM, Michael Thomas  wrote:


On 4/28/21 2:04 AM, William Herrin wrote:
On Tue, Apr 27, 2021 at 10:51 PM Mel Beckman  wrote:
NANOG is not the right place to post this. This list is not an “interesting 
news group”, and as fascinating as the patent troll take down is, it has 
nothing to do with operational issues. Read the AUP, if you don’t believe me. 
Item 8:
A major North American Operator goes after some industry boogeymen who
tried to extort them with a router (Networking) patent. Seems pretty
on topic to me.

Doubly so because this is exactly the right community that can help eliminate 
an industry scourge with its knowledge of prior art, etc.

Mike



Re: Something that should put a smile on everybody's face today

2021-04-28 Thread Michael Thomas



On 4/28/21 2:04 AM, William Herrin wrote:

On Tue, Apr 27, 2021 at 10:51 PM Mel Beckman  wrote:

NANOG is not the right place to post this. This list is not an “interesting 
news group”, and as fascinating as the patent troll take down is, it has 
nothing to do with operational issues. Read the AUP, if you don’t believe me. 
Item 8:

A major North American Operator goes after some industry boogeymen who
tried to extort them with a router (Networking) patent. Seems pretty
on topic to me.

Doubly so because this is exactly the right community that can help 
eliminate an industry scourge with its knowledge of prior art, etc.


Mike



Re: Something that should put a smile on everybody's face today

2021-04-28 Thread Michael Thomas
Cloudflare is a service provider. Getting sued by patent trolls is an 
operational issue. And you're a fine one to complain about political 
axes to grind.


Mike

On 4/27/21 10:50 PM, Mel Beckman wrote:
NANOG is not the right place to post this. This list is not an 
“interesting news group”, and as fascinating as the patent troll take 
down is, it has nothing to do with operational issues. Read the AUP, 
if you don’t believe me. Item 8:


Posts of a political, philosophical, or legal nature are prohibited.

I for one don’t want the list to be overrun again by people with a 
political axe to grind, no matter how noble.


 -mel

On Apr 27, 2021, at 3:34 PM, Justin Paine via NANOG  
wrote:



Correction -- another one. 
https://blog.cloudflare.com/winning-the-blackbird-battle/ 
  :)


Here's an excerpt from the new blog post:

offering $100,000 to be shared by the winners who are successful in 
finding such prior art.


Please help!

__
*Justin Paine*
He/Him/His
Head of Trust & Safety
101 Townsend St, San Francisco, CA 94107

*PGP:* BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D 





On Tue, Apr 27, 2021 at 3:26 PM Michael Thomas wrote:



And we can help! Cloudflare is setting out to destroy a patent troll:


https://www.techdirt.com/articles/20210426/09454946684/patent-troll-sable-networks-apparently-needs-to-learn-lesson-cloudflare-wants-to-destroy-another-troll



Mike



Re: DNSSEC Best Practices

2021-04-28 Thread Robert Story
On Wed 2021-04-28 12:02:18+0200 Mark wrote:
> On 4/28/21 11:51, Tony Finch wrote:
> 
> > Yes. I recommend p256 because the security advantages of p384 are
> > not significant enough to justify the increased costs in space
> > (packet size) and time.  
> 
> Both 13 and 14 are already smaller than 8 (which is the most widely 
> deployed algorithm today).

For those interested, actual numbers for algorithm deployment can be
found in the DNSSEC parameter frequency analysis section of
https://stats.dnssec-tools.org/.


-- 
Robert Story 
USC Information Sciences Institute 


RE: EMail server gets blocked by Microsoft

2021-04-28 Thread Jean St-Laurent via NANOG
I just unlocked ddostest.me with this tool for outlook.com, Hotmail.com, 
msn.com and maybe all the O365 suite.

 

It was fixed in less than 24 hours.

 

Thanks for the tip

Jean

 

From: NANOG  On Behalf Of Mike Hammett
Sent: April 28, 2021 7:52 AM
To: Michael Fallen 
Cc: nanog@nanog.org
Subject: Re: EMail server gets blocked by Microsoft

 

Neither Microsoft nor Google have been successful at making tools that work for 
low-volume mailers. They seem to think that if you're not in their club, you're 
either a commercial email marketing firm or SPAM.



-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

From: "Michael Fallen" 
To: "Dominque Roux" 
Cc: nanog@nanog.org
Sent: Tuesday, April 27, 2021 9:22:29 AM
Subject: Re: EMail server gets blocked by Microsoft

Microsoft seems to be one of the worst offenders in terms of having an 
email blocking blackbox. Good luck getting in contact with someone as 
well. Throughout the years of self-hosting email they have always been 
the most problematic of the large providers.

--
Mike

Dominque Roux wrote on 2021-04-27 3:35 AM:
> Hi All,
>
> is there anyone out there who has some experience with the blocking
> mechanism of Microsoft's mail server? We're running a mail server at our
> company which ends up on their blacklist from time to time and we're
> wondering if there are some steps we could take in order to prevent this.
>
> Cheers,
> Dominique

 



Re: EMail server gets blocked by Microsoft

2021-04-28 Thread Mike Hammett
Neither Microsoft nor Google have been successful at making tools that work for 
low-volume mailers. They seem to think that if you're not in their club, you're 
either a commercial email marketing firm or SPAM. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Michael Fallen"  
To: "Dominque Roux"  
Cc: nanog@nanog.org 
Sent: Tuesday, April 27, 2021 9:22:29 AM 
Subject: Re: EMail server gets blocked by Microsoft 

Microsoft seems to be one of the worst offenders in terms of having an 
email blocking blackbox. Good luck getting in contact with someone as 
well. Throughout the years of self-hosting email they have always been 
the most problematic of the large providers. 

-- 
Mike 

Dominque Roux wrote on 2021-04-27 3:35 AM: 
> Hi All, 
> 
> is there anyone out there who has some experience with the blocking 
> mechanism of Microsoft's mail server? We're running a mail server at our 
> company which ends up on their blacklist from time to time and we're 
> wondering if there are some steps we could take in order to prevent this. 
> 
> Cheers, 
> Dominique 




Re: EMail server gets blocked by Microsoft

2021-04-28 Thread Jim Popovitch via NANOG
On Wed, 2021-04-28 at 09:30 +0200, Markus wrote:
> On 27.04.2021 at 16:46, Brian Turnbow via NANOG wrote:
> > Hi Dominque,
> > 
> > And sign up for snds
> > 
> > https://sendersupport.olc.protection.outlook.com/snds/index.aspx 
> > 
> > 
> > It will give you the status of your IPs and you can get junk mail 
> > reports etc.
> 
> That shit doesn't even work. Just tried. First, you HAVE TO create a 
> Microsoft account to access it. Then, solve some riddles. Enter the IP 
> range you're responsible for. Receive an E-Mail containing a 
> confirmation link which you must click on, and if you do, you get: 
> "Unknown authorization request ID". (Yeah, c doesn't work either) And 
> that's it. And you just wasted 5 minutes of your life. So typical.

ProTip: Click "Access Control" on the left hand side of the page after
you get the "Unknown authorization request ID" error.  :)

-Jim P.



Re: [nanog] TC x IRRd 4.2

2021-04-28 Thread Job Snijders via NANOG
Dear Ruben, all,

On Tue, Apr 27, 2021 at 10:18:32PM -0300, Rubens Kuhl wrote:
> TC IRR, an IRR operator focused on Brazilian networks, just changed to
> IRRd 4.2.  The new version allowed TC to deploy RPKI validation
> (thanks NTT for sponsoring that development) and expose HTTPS
> endpoints for WHOIS and submission that we hope will foster innovation
> around the database.
> 
> Every precaution was taken for this migration to be seamless for other IRR
> operators, including matching of serial numbers. Every IRR server that
> mirrored TC and supported -j status query was verified that it followed and
> still correctly follows database journals.
> 
> But if anything appears broken, please let me know or e-mail
> db-ad...@bgp.net.br.

Congratulations to you and the TC team for reaching this milestone!

TC's use of RPKI-based IRR Object filtering combined with the efforts of
NIC.BR, IX.br, and LACNIC to promote RPKI in Brazil, make the Brazilian
community a positive example of a seamless integration between IRR and
RPKI.

Thank you for your efforts to increase the data quality of the TC
registry.

Kind regards,

Job



Re: DNSSEC Best Practices

2021-04-28 Thread Mark Tinka




On 4/28/21 11:51, Tony Finch wrote:


Yes. I recommend p256 because the security advantages of p384 are not
significant enough to justify the increased costs in space (packet size)
and time.


Both 13 and 14 are already smaller than 8 (which is the most widely 
deployed algorithm today).


512 bits vs 768 bits is not going to break the Internet.

Mark.


Re: DNSSEC Best Practices

2021-04-28 Thread Tony Finch
Arne Jensen  wrote:
>
> RFC8624 "Algorithm Implementation Requirements and Usage Guidance for
> DNSSEC"
>
> -> https://tools.ietf.org/html/rfc8624
>
> > What algorithms do you typically sign with
> > (RSASHA256, ECDSAP256SHA256, both, something other)?
>
> Those two mentioned are the ones that the vast majority seems to sign with.

Yes. I recommend p256 because the security advantages of p384 are not
significant enough to justify the increased costs in space (packet size)
and time.

If for some terrible reason you need to use RSASHA256, use 2048 bit keys,
same as the root zone.

In the future when support is widespread enough, ed25519 will be the best
choice.

> SHA256 and SHA512 have been discussed as vulnerable to length
> extension attacks, where SHA384 hasn't:

Length extension attacks aren't a problem in this context.

Tony.
-- 
f.anthony.n.finch  https://dotat.at/
Lough Foyle to Carlingford Lough: Northerly or northeasterly 4 or 5,
occasionally 6 at first in far southeast, becoming variable 2 or 3
later. Slight, occasionally moderate at first. Fair at first, then
showers. Good.


Re: Something that should put a smile on everybody's face today

2021-04-28 Thread William Herrin
On Tue, Apr 27, 2021 at 10:51 PM Mel Beckman  wrote:
> NANOG is not the right place to post this. This list is not an “interesting 
> news group”, and as fascinating as the patent troll take down is, it has 
> nothing to do with operational issues. Read the AUP, if you don’t believe 
> me. Item 8:

A major North American Operator goes after some industry boogeymen who
tried to extort them with a router (Networking) patent. Seems pretty
on topic to me.

Regards,
Bill Herrin

-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/


Re: DNSSEC Best Practices

2021-04-28 Thread Mark Tinka



On 4/27/21 22:56, Arne Jensen wrote:

In the end, I would simply set up everything with 14 4, a.k.a. 
ECDSAP384SHA384, unless any customers/clients could provide valid 
justification (including evidence) why it "cannot" be used, such as 
e.g. a TLD not supporting it, could be valid justification to make an 
exception for that particular TLD. But in order to make that 
exception, there would need to be evidence (from the customer/client) 
documenting the claim, so they cannot just go with "I don't like this 
algorithm", or other useless crap to go down to for example SHA1.


It would likewise be mandatory, if I had anything to say, for public 
sector/government and financial institutions (banks, card issuers, and 
so on), to run DNSSEC and to always secure that they had the strongest 
possible algorithms on it.



NB: The reason I'm writing 14 4, a.k.a. ECDSAP384SHA384 all along is 
that I've seen DNSSEC signatures with 14 2 (ECDSAP384SHA256), which I 
would find quite weird.




I've been happy with ECDSAP384SHA384 for a few months now. No issues to 
report. All works. My registrar supports it. End of.


The only other thing I can say to the OP is whether the registrar 
supports the uploading of DS records, or derives the DS record from the 
DNSKEY you submit to them. From another list discussion a while back, 
the world appears to be split 50/50 on this.


Mark.
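
Added example (not part of the original post, and not code from any registrar or DNS project): the post above distinguishes registrars that accept an uploaded DS record from those that derive it from the DNSKEY, so this sketch derives a DS per RFC 4034 (key tag from Appendix B, digest over owner name plus DNSKEY RDATA) and checks a DS seen at the parent against it. The zone example.com, the placeholder key and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import struct

# DS digest types from the IANA registry: 2 = SHA-256, 4 = SHA-384.
DIGESTS = {2: hashlib.sha256, 4: hashlib.sha384}

# Constructed placeholder key material: 64 octets, the size of a P-256
# (algorithm 13) public key. It is NOT a real key or a valid curve point.
SAMPLE_PUBKEY_B64 = base64.b64encode(bytes(range(64))).decode("ascii")


def name_to_wire(name):
    """Canonical wire form of an owner name: lowercased, uncompressed."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not label:
            continue  # root name, or a stray empty label
        raw = label.lower().encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags (2 octets), protocol, algorithm, public key."""
    key = base64.b64decode("".join(pubkey_b64.split()), validate=True)
    return struct.pack("!HBB", flags, protocol, algorithm) + key


def key_tag(rdata):
    """Key tag as defined in RFC 4034, Appendix B."""
    acc = 0
    for i, octet in enumerate(rdata):
        acc += (octet << 8) if i % 2 == 0 else octet
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_from_dnskey(owner, dnskey_text, digest_type=2):
    """Build the DS presentation string for a 'flags proto alg key' DNSKEY."""
    flags, protocol, algorithm, *key_parts = dnskey_text.split()
    flags, protocol, algorithm = int(flags), int(protocol), int(algorithm)
    if protocol != 3:
        raise ValueError("DNSKEY protocol field must be 3")
    if not flags & 0x0100:
        raise ValueError("Zone Key flag not set; not usable for a DS")
    rdata = dnskey_rdata(flags, protocol, algorithm, "".join(key_parts))
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest()
    return f"{key_tag(rdata)} {algorithm} {digest_type} {digest.upper()}"


def ds_matches(published_ds, owner, dnskey_text):
    """True if a DS seen at the parent was derived from this DNSKEY."""
    tag, alg, dtype, *hex_parts = published_ds.split()
    if int(dtype) not in DIGESTS:
        return False  # digest type this sketch does not implement
    expected = ds_from_dnskey(owner, dnskey_text, int(dtype))
    got = f"{int(tag)} {int(alg)} {int(dtype)} {''.join(hex_parts).upper()}"
    return got == expected


if __name__ == "__main__":
    ksk = f"257 3 13 {SAMPLE_PUBKEY_B64}"  # constructed KSK, see above
    for dtype in (2, 4):
        print("example.com. IN DS", ds_from_dnskey("example.com.", ksk, dtype))
```

Running the same comparison against the DS the parent zone actually serves shows whether a registrar-derived record still matches the key you are signing with after a rollover.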




Re: DNSSEC Best Practices

2021-04-28 Thread Mark Tinka



On 4/27/21 21:31, Eric Germann via NANOG wrote:


What algorithms do you typically sign with (RSASHA256, 
ECDSAP256SHA256, both, something other)?


I've been using ECDSAP384SHA384 (14) for a few months now, with no 
problems of note.


I know that ECDSAP256SHA256 (13) is "firmer", but hey :-)...

Mark.


Re: EMail server gets blocked by Microsoft

2021-04-28 Thread Markus

On 27.04.2021 at 16:46, Brian Turnbow via NANOG wrote:

Hi Dominque,

And sign up for snds

https://sendersupport.olc.protection.outlook.com/snds/index.aspx 



It will give you the status of your IPs and you can get junk mail 
reports etc.


That shit doesn't even work. Just tried. First, you HAVE TO create a 
Microsoft account to access it. Then, solve some riddles. Enter the IP 
range you're responsible for. Receive an E-Mail containing a 
confirmation link which you must click on, and if you do, you get: 
"Unknown authorization request ID". (Yeah, c doesn't work either) And 
that's it. And you just wasted 5 minutes of your life. So typical.