Paul A Vixie Paul_Vixie at ISC.Org
Wed Jan 31 17:36:02 UTC 2001

ISC has historically depended upon the "bind-workers" mailing list, and
CERT advisories, to notify vendors of potential or actual security flaws
in its BIND package.  Recent events have very clearly shown that there is
a need for a fee-based membership forum consisting only of:

	1. ISC itself
	2. Vendors who include BIND in their products
	3. Root and TLD name server operators
	4. Other qualified parties (at ISC's discretion)

Requirements of bind-members will be:

	1. Not-for-profit members can have their fees waived
	2. Use of PGP (or possibly S/MIME) will be mandatory
	3. Members will receive information security training
	4. Members will sign strong nondisclosure agreements

Features and benefits of "bind-members" status will include:

	1. Private access to the CVS pool where bind4, bind8 and bind9 live
	2. Reception of early warnings of security or other important flaws
	3. Periodic in-person meetings, probably at IETF's conference sites
	4. Participation on the bind-members mailing list

If you are a BIND vendor, root or TLD server operator, or other interested
party, I urge you to seek management approval for entry into this forum, and
then either contact, or have a responsible party contact, isc-info at

Paul Vixie

More information about the bind-announce mailing list