PRE-ANNOUNCEMENT: BIND-Members Forum

Derek J. Balling dredd at megacity.org
Wed Jan 31 23:13:01 UTC 2001


At 4:33 PM -0600 1/31/01, Larry Sheldon wrote:
>This theme ("without also notifying everyone") recurs, and concerns me.
>
>We operate 20-odd known copies of BIND (and I'd not be surprised to learn
>that there are double that somewhere in our network) and while we are by no
>means part of the target audience as described in Mr. Vixie's original message
>we do have a profound and legitimate interest in finding out about termites
>in our woodwork as early as is possible.

True, but there is a vested, logical interest in "close the holes in the
highest-profile places FIRST", especially for instances where there are
exploits in the wild.

In those cases, it is best, before the exploit is widely known, to quietly
get high-profile, high-demand servers patched (roots, ccTLDs, etc.) and
then, after they are patched, go public with the information.

Traditionally, this info has been limited to a very select few whose trust
was implicit. I think the plan is to try and allow greater access to it,
but with certain responsibility inherent in having access to such advance
info.

D
-- 
+---------------------+-----------------------------------------+
| dredd at megacity.org  | "Conan! What is best in life?"          |
|  Derek J. Balling   | "To crush your enemies, see them        |
|                     |    driven before you, and to hear the   |
|                     |    lamentation of their women!"         |
+---------------------+-----------------------------------------+

