Re: Verizon Policy Statement on Net Neutrality
Many other organizations who were innovating will be affected by the new rules. Many of those organizations are very small and cannot afford the army of lawyers that Verizon can.

Judgements as to whether Net Neutrality helps or harms any specific industry will be inevitably guided by politics. The mere fact that politics has become a guiding factor in Internet-related public policy is an indicator that we must tread cautiously.

And, no, I do not think recent regulatory efforts have been suitably cautious. Enacting unpublished rules violates the spirit and history of open design, open discussion, and open standards that have made the Internet what it is today.

Kelly

On 3/9/15, 10:55 AM, list_na...@bluerosetech.com list_na...@bluerosetech.com wrote:

They want to bang on about the ruling harming innovation and competition. My response: Well, you were neither innovating nor competing as is, so no harm done.

*** CONFIDENTIALITY NOTICE ***
This e-mail message and all attachments transmitted with it may contain legally privileged and confidential information intended solely for the use of the addressee. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete this message from your system. Thank you.
Re: HTTPS redirects to HTTP for monitoring
I don't know if you're referring to HSTS. If not, it's worth noting in this thread. As I understand HSTS, session decryption is still possible on sites that send the 'Strict-Transport-Security' header.

See: https://tools.ietf.org/html/rfc6797

I suspect it's only a matter of time before browsers become suspicious by default, requiring that HTTPS responses be signed and requiring that SSL certificates come from trusted sources.

In other words, HSTS is the next step in a long-running arms race. It will not be the last. See this 1997 article for a taste:

http://www.apacheweek.com/features/ssl

Money quote: The US Government imposes export restrictions on arms, in a set of rules called ITAR

All of this points to the deficiency of the existing commercial certificate authority system. The fact that organizations can easily purchase software specifically designed to subvert encrypted communication channels is proof that HTTPS security is an illusion.

Kelly

On 1/18/15, 12:31 PM, William Waites wwai...@tardis.ed.ac.uk wrote:

On 18 Jan 2015 18:15:09 -, John Levine jo...@iecc.com said:

I expect your users would fire you when they found you'd blocked access to Google.

Doesn't goog do certificate pinning anyways, at least in their web browser?
RE: The stupidity of trying to fix DHCPv6
-----Original Message-----
From: Jimmy Hess [mailto:mysi...@gmail.com]
Sent: Sunday, June 12, 2011 8:43 PM
To: nanog@nanog.org
Subject: Re: The stupidity of trying to fix DHCPv6

On Sun, Jun 12, 2011 at 8:29 PM, Leo Bicknell bickn...@ufp.org wrote:

DHCP today uses an exponential backoff if there is no response, I don't

[snip]

This could have been (but was unfortunately not) mitigated in the v6 specs by adding options to DHCPv4 to configure IPv6 address and gateway at the same time IPv4 configuration is received, in lieu of using v6 based protocols for config;

[snip]

I've observed that when the unwashed masses begin deploying new technologies, they have a terrible tendency to be disobedient, to change the rules, to revise specs. While the implementers implement and the operators operate, the professors profess to a quickly emptying lecture hall.

I have great faith that the experienced and pragmatic people who have to work with IPv6 on a daily basis will resolve things like the DHCP6/RA imbroglio. IPv6 will be much different in a few years. As a host guy in an enterprise-type organization, I'm looking forward to what you and people like you will cook up.

/pep talk

Kelly
RE: The stupidity of trying to fix DHCPv6
-----Original Message-----
From: Leo Bicknell [mailto:bickn...@ufp.org]
Sent: Monday, June 13, 2011 7:55 PM
To: nanog@nanog.org
Subject: Re: The stupidity of trying to fix DHCPv6

[snip]

I understand on some level why the IETF doesn't want DHCPv4 to be able to hand out IPv6 stuff, and doesn't want DHCPv6 to hand out IPv4 stuff. In the long run if you assume we transition to IPv6 and run only IPv6 for years after that it makes sense. However, I do think a single option is needed in both, ProtocolsAvailable. Today it could have 4 or 6, or 4,6.

[snip]

DNS is two-legged. DNS and DHCP are so intertwined from an operational perspective, I don't see how we'll get through this without DHCP becoming two-legged.

This would allow end stations to greatly optimize their behavior at all stages of deployment.

+1

Kelly
RE: Cogent IPv6
-----Original Message-----
From: r...@u13.net [mailto:r...@u13.net]
Sent: Wednesday, June 08, 2011 9:19 AM
To: nanog@nanog.org
Subject: Re: Cogent IPv6

On Wed, 8 Jun 2011 09:51:21 -0400, Nick Olsen wrote:

I'm sure someone here is doing IPv6 peering with cogent. We've got a Gig

[SNIP]

We have separate v4 and v6 sessions with them on the same dual-stack interface (a v4 /29 and v6 /112 on the interface). One session is between our v4 address and theirs, and carries v4 prefixes only. Then another session between v6 addresses that carries v6 prefixes only.

IPv6 newbie alert!

I thought the maximum prefix length for IPv6 was 64 bits, so the comment about a v6 /112 for peering vexed me. I have Googled so much that Larry Page called me and asked me to stop.

Can someone please point me to a resource that explains how IPv6 subnets larger than 64 bits function and how they would typically be used?

thanks,

Kelly