PRE-ANNOUNCEMENT: BIND-Members Forum

Rafi Sadowsky rafi at cert.ac.il
Wed Jan 31 23:46:56 UTC 2001


Hi Luigi

 Basically I agree with you except why do you choose "CERT"
( I assume you mean CERT/CC at CMU - there are many "CERT's" these days)
as opposed to FIRST (http://www.first.org/) which has an International
membership of ~70 CERT/CSIRT teams

Thanks
	Rafi
-- 
Rafi Sadowsky                                   rafi at cert.ac.il
 Network Operations Center  |VoiceMail: +972-3-646-0592   FAX: +972-3-646-0454
  ILAN - IUCC -I2(Israel)   |    FIRST-REP for ILAN-CERT(CERT at CERT.AC.IL)
(Israeli Academic Network)  |   (PGP key -> )  http://telem.openu.ac.il/~rafi


On Wed, 31 Jan 2001 lpb at Starbase.NeoSoft.COM wrote:

>
> Is this the beginning of taking BIND out of the Open Source domain??
>
> I would feel a lot more comfortable if the membership included CERT,
> without any possibility of removing them. I don't feel assured that the
> public at large would be made aware of security risks as they come up - and
> we're the reason BIND exists in the first place.
>
> Paul, you're opening yourself up to the kind of complaints DJB makes about
> the "BIND Corporation" when you make broad statements like "Recent events
> have very clearly shown that there is a need for a fee...". WHAT events?
> WHAT problems will this solve? Please give us more detail.
>
> Luigi Bai
> Currently, a BIND user
>
> At 09:36 AM 1/31/01 -0800, Paul A Vixie wrote:
> --- Begin Original Message ---
> >ISC has historically depended upon the "bind-workers" mailing list, and
> >CERT advisories, to notify vendors of potential or actual security flaws
> >in its BIND package.  Recent events have very clearly shown that there is
> >a need for a fee-based membership forum consisting only of:
> >
> >         1. ISC itself
> >         2. Vendors who include BIND in their products
> >         3. Root and TLD name server operators
> >         4. Other qualified parties (at ISC's discretion)
> >
> >Requirements of bind-members will be:
> >
> >         1. Not-for-profit members can have their fees waived
> >         2. Use of PGP (or possibly S/MIME) will be mandatory
> >         3. Members will receive information security training
> >         4. Members will sign strong nondisclosure agreements
> >
> >Features and benefits of "bind-members" status will include:
> >
> >         1. Private access to the CVS pool where bind4, bind8 and bind9 live
> >         2. Reception of early warnings of security or other important flaws
> >         3. Periodic in-person meetings, probably at IETF's conference sites
> >         4. Participation on the bind-members mailing list
> >
> >If you are a BIND vendor, root or TLD server operator, or other interested
> >party, I urge you to seek management approval for entry into this forum, and
> >then either contact, or have a responsible party contact, isc-info at isc.org.
> >
> >Paul Vixie
> >Chairman
> >ISC
> --- End Original Message ---
>
>
>






More information about the bind-users mailing list