On Thu, Oct 4, 2018 based on the
at 1:15 PM Bill Woodcock wrote:
> > On Oct 4, 2018, at 11:10 AM, John Curran wrote:
> > ARIN had been inconsistent in our approach to ... DNSSEC services over
> the years.
>
> There is no room for inconsistency in the application of security.
>
> You’re entirely
Total of 13 messages in the last 7 days.
script run at: Fri Oct 5 00:53:02 EDT 2018
Messages | Bytes| Who
+--++--+
15.38% |2 | 22.53% |35935 | matt...@matthew.at
15.38% |2 | 12.68% |20220 |
I’d like to ask the participants in this conversation to be excellent to
each other. Ad-hominem arguments don’t fundamentally contribute, or further
the discussion.
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN
Bill, stop playing this nonsense. I referred to and respect your history, your
attempt to play innocent is contemptible.
I’ve never once advocated for anyone to be cut off. I have advocated that those
who refuse to follow the rules agreed upon decades ago without a justifiable
reason should be
> The change is that ARIN is (or will soon be) no longer accepting DNSSEC DS
> records for reverse DNS for those resources that are not covered by RSA or
> LRSA. This is a change from current operational practice, and it effectively
> disables the *community's* ability to validate reverse DNS
> On Oct 4, 2018, at 9:27 PM, Jo Rhett wrote:
>
>> How exactly am I freeloading, how am I not playing “nicely with others” or
>> “by the rules,”
>
> I’ve been watching you fight to ride free
Cite an example, please.
> If you won’t play the rules, there is no requirement that service is
> How exactly am I freeloading, how am I not playing “nicely with others” or
> “by the rules,”
Google yourself. I’ve been watching you fight to ride free because you got
addresses (like most of us on this back) back from Jon directly when this was
easy. The difference is that 25 years ago a
> On Oct 4, 2018, at 9:13 PM, Jo Rhett wrote:
>
>> You’re entirely missing Michael’s point. DNSSEC is not a _treat_ that you
>> dangle in front of universities, it’s an operational requirement for _the
>> whole Internet_, of which your paying members are constituents. You’re
>> denying
> I agree that we clearly need universal DNSSEC, and ARIN should not take
> actions that inhibit universal DNSSEC.
“Universal” DNSSEC where some parties are unauthenticated is worse than useless.
Validation and certification of the resource holder is critical. These two
dozen entities are
> You’re entirely missing Michael’s point. DNSSEC is not a _treat_ that you
> dangle in front of universities, it’s an operational requirement for _the
> whole Internet_, of which your paying members are constituents. You’re
> denying _me_ the ability to use DNSSEC to validate addresses any
For me the financial price is too high *and* I didn't want to be on the
wrong side when someone decided they might be a real asset.
Now that I've whittled my holdings down to what I need for my own purposes,
it is just financial, like Brian.
ps. That's also why I haven't moved these networks to
Ever since the "legacy resource holders get the same services that they
received upon ARIN’s formation" we knew it was only a matter of time before
some new-but-now-critical service (RPKI, DNSSEC, addition of some required
new Whois field, etc.) was denied to them. The "stick" part of the "carrot
I am a legacy holder of two /24s. I use them.
I have not signed the agreement.
The issue for me is 100% financial. The price is too high.
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List
I agree that we clearly need universal DNSSEC, and ARIN should not take
actions that inhibit universal DNSSEC.
I understand that ARIN has taken actions to try to get the remaining
legacy holders to move to an RSA. While this might be seen as a "carrot"
to try to move these holders to an RSA,
Bill,
I am personally fully committed to universal DNSSEC, and I believe that this
practice deleteriously affects all ARIN members, not just legacy ones. I hope
that discussion on this list will indicate a clear community consensus, so that
the board can ensure that staff act upon that input.
> On Oct 4, 2018, at 11:10 AM, John Curran wrote:
> ARIN had been inconsistent in our approach to ... DNSSEC services over the
> years.
There is no room for inconsistency in the application of security.
You’re entirely missing Michael’s point. DNSSEC is not a _treat_ that you
dangle in
On 4 Oct 2018, at 9:29 AM, Michael Sinatra
mailto:michael+p...@burnttofu.net>> wrote:
The change is that ARIN is (or will soon be) no longer accepting DNSSEC DS
records for reverse DNS for those resources that are not covered by RSA or
LRSA. This is a change from current operational practice,
> On Oct 4, 2018, at 9:29 AM, Michael Sinatra
> wrote:
> I have received word of an apparent change in ARIN operational policy...
> ...no longer accepting DNSSEC DS records for reverse DNS for those resources
> that are not covered by RSA or LRSA. This is a change from current
> operational
I support limiting the maximum size of requests for IP space via Arin waiting
list to /21
--
--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com
Hi,
All of my $employer's number resources are covered by RSA or LRSA, but I
have received word of an apparent change in ARIN operational policy from
holders of legacy resources who are not 100% covered by RSA or LRSA.
The change is that ARIN is (or will soon be) no longer accepting DNSSEC
20 matches
Mail list logo