Gmail and SSL

2012-12-14 Thread Randy
I'm hoping to reach out to google's gmail engineers with this message, Today I noticed that for the past 3 days, email messages from my personal website's pop3 were not being received into my gmail inbox. Naturally, I figured that my pop3 service was down, but after some checking, every thing

Re: Gmail and SSL

2012-12-14 Thread John Peach
On Fri, 14 Dec 2012 09:47:03 -0600 Randy na...@afxr.net wrote: I'm hoping to reach out to google's gmail engineers with this message, Today I noticed that for the past 3 days, email messages from my personal website's pop3 were not being received into my gmail inbox. Naturally, I figured

Re: Gmail and SSL

2012-12-14 Thread Peter Kristolaitis
On 12/14/2012 10:47 AM, Randy wrote: I don't have hundreds of dollars to get my ssl certificates signed You can get single-host certificates issued for free from StartSSL, or for very cheaply (under $10) from low-cost providers like CheapSSL.com. I've never had a problem having my StartSSL

Re: Gmail and SSL

2012-12-14 Thread Tim Franklin
http://www.startssl.com/ Their certs are free and, from what I hear, are accepted by Google. Seconded. I was a hold-out for a long time on personal stuff - I trust me, I'm not paying someone else to trust me - but StartSSL makes a lot of the pain go away with minimal effort. Regards, Tim.

Re: Gmail and SSL

2012-12-14 Thread Maxim Khitrov
On Fri, Dec 14, 2012 at 10:52 AM, Peter Kristolaitis alte...@alter3d.ca wrote: On 12/14/2012 10:47 AM, Randy wrote: I don't have hundreds of dollars to get my ssl certificates signed You can get single-host certificates issued for free from StartSSL, or for very cheaply (under $10) from

Re: Gmail and SSL

2012-12-14 Thread Christopher Morrow
On Fri, Dec 14, 2012 at 11:21 AM, Tim Franklin t...@pelican.org wrote: http://www.startssl.com/ Their certs are free and, from what I hear, are accepted by Google. Seconded. I was a hold-out for a long time on personal stuff - I trust me, I'm not paying someone else to trust me - but

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Nick Hilliard
On 13/12/2012 22:54, Jason Castonguay wrote: Advisory — D-root is changing its IPv4 address on the 3rd of January. Jason, You've just given 3 weeks notice for a component change in one of the few critical part of the Internet's infrastructure, at a time when most networks have entered a

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Matthew Newton
On Fri, Dec 14, 2012 at 04:42:46PM +, Nick Hilliard wrote: On 13/12/2012 22:54, Jason Castonguay wrote: Advisory — D-root is changing its IPv4 address on the 3rd of January. You've just given 3 weeks notice for a component change in one of the few critical part of the Internet's

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Michael Thomas
Matthew Newton wrote: On Fri, Dec 14, 2012 at 04:42:46PM +, Nick Hilliard wrote: On 13/12/2012 22:54, Jason Castonguay wrote: Advisory — D-root is changing its IPv4 address on the 3rd of January. You've just given 3 weeks notice for a component change in one of the few critical part of

Re: Gmail and SSL

2012-12-14 Thread Eugen Leitl
On Fri, Dec 14, 2012 at 11:36:08AM -0500, Christopher Morrow wrote: Seconded. I was a hold-out for a long time on personal stuff - I trust me, I'm not paying someone else to trust me - but StartSSL makes a lot of the pain go away with minimal effort. because paying for random

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Joseph Jackson
Mike, You will need to update your root.hints file on any of your forwarding DNS servers. Most OS vendors will include an update but its a good idea to manually check. On Fri, Dec 14, 2012 at 10:59 AM, Michael Thomas m...@mtcc.com wrote: Matthew Newton wrote: On Fri, Dec 14, 2012 at

Re: Gmail and SSL

2012-12-14 Thread Christopher Morrow
On Fri, Dec 14, 2012 at 12:04 PM, Eugen Leitl eu...@leitl.org wrote: On Fri, Dec 14, 2012 at 11:36:08AM -0500, Christopher Morrow wrote: Seconded. I was a hold-out for a long time on personal stuff - I trust me, I'm not paying someone else to trust me - but StartSSL makes a lot of the

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Christopher Morrow
On Fri, Dec 14, 2012 at 11:59 AM, Michael Thomas m...@mtcc.com wrote: Matthew Newton wrote: On Fri, Dec 14, 2012 at 04:42:46PM +, Nick Hilliard wrote: On 13/12/2012 22:54, Jason Castonguay wrote: Advisory — D-root is changing its IPv4 address on the 3rd of January. You've just given 3

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Walter Keen
If I had to guess, I would guess that renumbering is likely required to get it into a more portable address assignment from a multi-homing perspective. Look at the whois information below If I were hosting a root server or something similar, I would certainly want it segregated enough that I

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread bmanning
On Fri, Dec 14, 2012 at 08:59:19AM -0800, Michael Thomas wrote: Matthew Newton wrote: On Fri, Dec 14, 2012 at 04:42:46PM +, Nick Hilliard wrote: On 13/12/2012 22:54, Jason Castonguay wrote: Advisory You've just given 3 weeks notice for a component change in one of the few critical part

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Bill Woodcock
On Dec 14, 2012, at 8:59 AM, Michael Thomas m...@mtcc.com wrote: Matthew Newton wrote: So really stupid question, and hopefully it's just me, do I need to do something on my servers? Update the hints file. /var/named/ somewhere in all likelihood. Second question: I know that renumbering

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Joe Abley
Hi Michael, On 2012-12-14, at 11:59, Michael Thomas m...@mtcc.com wrote: Matthew Newton wrote: On Fri, Dec 14, 2012 at 04:42:46PM +, Nick Hilliard wrote: On 13/12/2012 22:54, Jason Castonguay wrote: Advisory — D-root is changing its IPv4 address on the 3rd of January. You've just given

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Nick Hilliard
On 14/12/2012 16:52, Matthew Newton wrote: The old address will continue to work for at least six months after the transition, but will ultimately be retired from service. I'm suggesting a lot more notification than 6 months before 128.8.10.90 is switched off. And corroborative

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Joe Abley
On 2012-12-14, at 11:42, Nick Hilliard n...@foobar.org wrote: You've just given 3 weeks notice for a component change in one of the few critical part of the Internet's infrastructure, at a time when most networks have entered a configuration freeze (which will usually finish at the end of

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread bmanning
On Fri, Dec 14, 2012 at 12:45:00PM -0500, Joe Abley wrote: These changes have happened before (other root servers have renumbered). I have never heard of an operational problem caused by such an exercise, and I guarantee there are resolvers running happily today with hints files that are

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Jay Ashworth
- Original Message - From: Nick Hilliard n...@foobar.org It would be really good to have a formal public statement of intent from UMD about their long term plans for 128.8.10.90 after retirement so that we don't have a repeat of the L root hijacking debacle in 2008. Quite so: UMD:

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Majdi S. Abbas
On Fri, Dec 14, 2012 at 04:42:46PM +, Nick Hilliard wrote: Jason, You've just given 3 weeks notice for a component change in one of the few critical part of the Internet's infrastructure, at a time when most networks have entered a configuration freeze (which will usually finish at the

Re: Re: Advisory — D-root is changing its IPv4 address

2012-12-14 Thread Joe Greco
So really stupid question, and hopefully it's just me, do I need to do something on my servers? your crontab that updates your root-hints may already have caught the chang= e... That seems like a spectacularly bad idea. How do you validate the new root-hints automatically? What if

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Joe Antkowiak
On Fri, Dec 14, 2012 at 11:56 AM, Jay Ashworth j...@baylink.com wrote: Quite so: UMD: Where will the old IP route after the 6 month period is complete? Somewhere safe? In point of fact, ISTM that there *is no way* to make this completely safe; granted that it's a low percentage attack, and

Re: Re: Advisory — D-root is changing its IPv4 address

2012-12-14 Thread Christopher Morrow
hand waveydnssec/hand wavey On Dec 14, 2012 1:06 PM, Joe Greco jgr...@ns.sol.net wrote: So really stupid question, and hopefully it's just me, do I need to do something on my servers? your crontab that updates your root-hints may already have caught the chang= e... That seems

Weekly Routing Table Report

2012-12-14 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG, TRNOG, CaribNOG and the RIPE Routing Working Group. Daily listings are sent to

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Joe Abley
On 2012-12-14, at 13:17, Joe Antkowiak antko...@gmail.com wrote: On Fri, Dec 14, 2012 at 11:56 AM, Jay Ashworth j...@baylink.com wrote: Quite so: UMD: Where will the old IP route after the 6 month period is complete? Somewhere safe? In point of fact, ISTM that there *is no way* to make

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Jean-Francois Mezei
On 12-12-14 12:13, Joe Abley wrote: In summary, theory (and practice) tells us that: 1. You should update your hints file from time to time, and 2. If you don't, chances are overwhelmingly good that it will make no difference, and everything will work as normal. But this is important to

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Jay Ashworth
- Original Message - From: Joe Abley jab...@hopcount.ca Quite so: UMD: Where will the old IP route after the 6 month period is complete? Somewhere safe? As I understand it (but ask UMD!) - D-Root is currently numbered out of a general-purpose UMD /16 into a dedicated,

btw, the itu imploded

2012-12-14 Thread Randy Bush

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Jay Ashworth
- Original Message - From: bmann...@vacation.karoshi.com So, in short, UMD will still own the losing allocation, and be able to make relatively sure nothing else is placed at that IP (though of course they won't necessarily be able to make sure no one hijacks that entire

Re: btw, the itu imploded - NOT

2012-12-14 Thread bmanning
not at all... the WCIT 2012 concluded without agreement. Hardly the same thing. /bill

RE: btw, the itu imploded

2012-12-14 Thread Warren Bailey
? Again? ;) From my Galaxy Note II, please excuse any mistakes. Original message From: Randy Bush ra...@psg.com Date: 12/14/2012 11:44 AM (GMT-08:00) To: North American Network Operators' Group nanog@nanog.org Subject: btw, the itu imploded

Re: btw, the itu imploded

2012-12-14 Thread Mike A
On Fri, Dec 14, 2012 at 11:41:48AM -0800, Randy Bush wrote: ---end quoted text--- Yep. _Gloriously_! The US walked out, followed by bunchty others. http://www.pcworld.com/article/2020469/opponents-say-itu-treaty-threatens-internet-freedom.html -- Mike Andrews, W5EGO mi...@mikea.ath.cx Tired

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Jason Castonguay
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/14/12 11:42, Nick Hilliard wrote: On 13/12/2012 22:54, Jason Castonguay wrote: Advisory — D-root is changing its IPv4 address on the 3rd of January. Jason, You've just given 3 weeks notice for a component change in one of the few

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread bmanning
On Fri, Dec 14, 2012 at 02:46:49PM -0500, Jay Ashworth wrote: - Original Message - From: bmann...@vacation.karoshi.com So, in short, UMD will still own the losing allocation, and be able to make relatively sure nothing else is placed at that IP (though of course they

Re: btw, the itu imploded

2012-12-14 Thread Bill Woodcock
On Dec 14, 2012, at 11:51 AM, Mike A mi...@mikea.ath.cx wrote: Yep. _Gloriously_! The US walked out, followed by bunchty others. http://www.pcworld.com/article/2020469/opponents-say-itu-treaty-threatens-internet-freedom.html At current count, to the best of my incomplete knowledge,

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Jean-Francois Mezei
On 12-12-14 15:13, Jason Castonguay wrote: I've given 3 weeks + 6 months (at least) notice on a service change that will not be noticed by most anyone. Upon hearing your announcement, I went and dig myself a new root.hints file from one of the root servers. the D root is still pointing to

Re: btw, the itu imploded

2012-12-14 Thread Richard Barnes
See also: http://www.ipv.sx/wcit/ On Fri, Dec 14, 2012 at 2:41 PM, Randy Bush ra...@psg.com wrote:

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Job Snijders
Hi Jean, On Dec 14, 2012, at 9:12 PM, Jean-Francois Mezei jfmezei_na...@vaxination.ca wrote: On 12-12-14 15:13, Jason Castonguay wrote: I've given 3 weeks + 6 months (at least) notice on a service change that will not be noticed by most anyone. Upon hearing your announcement, I went

Re: btw, the itu imploded

2012-12-14 Thread Nick Hilliard
On 14/12/2012 19:51, Mike A wrote: Yep. _Gloriously_! The US walked out, followed by bunchty others. http://www.pcworld.com/article/2020469/opponents-say-itu-treaty-threatens-internet-freedom.html The ITU didn't implode and that article gives a ridiculously misleading impression of what

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Jason Castonguay
On 12/14/2012 03:12 PM, Jean-Francois Mezei wrote: On 12-12-14 15:13, Jason Castonguay wrote: I've given 3 weeks + 6 months (at least) notice on a service change that will not be noticed by most anyone. Upon hearing your announcement, I went and dig myself a new root.hints file from one of

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Joe Antkowiak
On Fri, Dec 14, 2012 at 2:13 PM, Jason Castonguay casto...@umd.edu wrote: The old address, which is in the middle of UMD's network, is going to be black-holed once the change is over. Nothing will be on that IP once we move the root off. The rest of UMD's network is staying put. This move

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread bmanning
On Fri, Dec 14, 2012 at 03:10:44PM -0600, Joe Antkowiak wrote: On Fri, Dec 14, 2012 at 2:13 PM, Jason Castonguay casto...@umd.edu wrote: The old address, which is in the middle of UMD's network, is going to be black-holed once the change is over. Nothing will be on that IP once we move

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Joe Antkowiak
On Fri, Dec 14, 2012 at 3:25 PM, bmann...@vacation.karoshi.com wrote: because you would not accept a /30 cutout of the UMD /16 coming from some random IX in Singapore. (see Joe Ableys post earlier today on why legacy nodes are / have renumbered.) /bill Agreed on

Re: btw, the itu imploded

2012-12-14 Thread Gordon Lennox
WCIT-12 was but one exchange. The next one is WTPF-13: The World Telecommunication/Information and Communication Technology Policy Forum (WTPF) is a high-level international event to exchange views on the key policy issues arising from today's fast changing information and communication

RE: Gmail and SSL

2012-12-14 Thread Matthew Black
A major problem with free or low-cost certificates is that their intermediate CA certificate does not always point back to a root certificate in client machines and/or software. matthew black california state university, long beach -Original Message- From: Peter Kristolaitis

The Cidr Report

2012-12-14 Thread cidr-report
This report has been generated at Fri Dec 14 21:13:09 2012 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date

BGP Update Report

2012-12-14 Thread cidr-report
BGP Update Report Interval: 06-Dec-12 -to- 13-Dec-12 (7 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASNUpds % Upds/PfxAS-Name 1 - AS982953057 2.1% 38.9 -- BSNL-NIB National Internet Backbone 2 - AS8402

Re: Gmail and SSL

2012-12-14 Thread Peter Kristolaitis
I've heard this argument fairly often when I mention free/cheap certificates to colleagues, etc, but no one has ever actually pointed to a reasonable case where this is true (the 20 year old VMS system that I've never patched running OpenSSL 0.0.0.0.1-pre-alpha doesn't work doesn't count...).

Re: Gmail and SSL

2012-12-14 Thread Christopher Morrow
On Fri, Dec 14, 2012 at 6:03 PM, Peter Kristolaitis alte...@alter3d.ca wrote: In my experience, free/cheap certs not working on some clients is, in 99.9% of cases, a misconfiguration error where the server isn't presenting the cert chain properly (usually omitting the intermediate cert), which

Re: OpenFlow, please don't start a flame war...

2012-12-14 Thread Jeff Kell
On 12/14/2012 11:11 PM, eric-l...@truenet.com wrote: It's been about 2 years in since I've heard about the concept, and honestly I'm about ready to jump into test environments at my house. My questions are pretty basic, what distro would you recommend for a controller, and should I start by

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread David Conrad
On Dec 14, 2012, at 11:02 AM, Joe Abley jab...@hopcount.ca wrote: Other root servers have renumbered out of institutional, general-purpose networks into dedicated networks in the past. I think the last one was B-Root in 2004, Actually, it was L in 2007... :) Regards, -drc

Re: OpenFlow, please don't start a flame war...

2012-12-14 Thread Steve Noble
On Dec 14, 2012 8:47 PM, Jeff Kell jeff-k...@utc.edu wrote: Yeah, it's the neatest thing since sliced bread, but requires layer-2 connectivity across the board. When you exhaust your mac address tables, we'll welcome you back to the real world. I think you are confusing vendor solutions with

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread bmanning
On Fri, Dec 14, 2012 at 08:48:07PM -0800, David Conrad wrote: On Dec 14, 2012, at 11:02 AM, Joe Abley jab...@hopcount.ca wrote: Other root servers have renumbered out of institutional, general-purpose networks into dedicated networks in the past. I think the last one was B-Root in 2004,