PRE-ANNOUNCEMENT: BIND-Members Forum
Rafi Sadowsky
rafi at cert.ac.il
Wed Jan 31 23:46:56 UTC 2001
Hi Luigi
Basically I agree with you except why do you choose "CERT"
( I assume you mean CERT/CC at CMU - there are many "CERT's" these days)
as opposed to FIRST (http://www.first.org/) which has an International
membership of ~70 CERT/CSIRT teams
Thanks
Rafi
--
Rafi Sadowsky rafi at cert.ac.il
Network Operations Center |VoiceMail: +972-3-646-0592 FAX: +972-3-646-0454
ILAN - IUCC -I2(Israel) | FIRST-REP for ILAN-CERT(CERT at CERT.AC.IL)
(Israeli Academic Network) | (PGP key -> ) http://telem.openu.ac.il/~rafi
On Wed, 31 Jan 2001 lpb at Starbase.NeoSoft.COM wrote:
>
> Is this the beginning of taking BIND out of the Open Source domain??
>
> I would feel a lot more comfortable if the membership included CERT,
> without any possibility of removing them. I don't feel assured that the
> public at large would be made aware of security risks as they come up - and
> we're the reason BIND exists in the first place.
>
> Paul, you're opening yourself up to the kind of complaints DJB makes about
> the "BIND Corporation" when you make broad statements like "Recent events
> have very clearly shown that there is a need for a fee...". WHAT events?
> WHAT problems will this solve? Please give us more detail.
>
> Luigi Bai
> Currently, a BIND user
>
> At 09:36 AM 1/31/01 -0800, Paul A Vixie wrote:
> --- Begin Original Message ---
> >ISC has historically depended upon the "bind-workers" mailing list, and
> >CERT advisories, to notify vendors of potential or actual security flaws
> >in its BIND package. Recent events have very clearly shown that there is
> >a need for a fee-based membership forum consisting only of:
> >
> > 1. ISC itself
> > 2. Vendors who include BIND in their products
> > 3. Root and TLD name server operators
> > 4. Other qualified parties (at ISC's discretion)
> >
> >Requirements of bind-members will be:
> >
> > 1. Not-for-profit members can have their fees waived
> > 2. Use of PGP (or possibly S/MIME) will be mandatory
> > 3. Members will receive information security training
> > 4. Members will sign strong nondisclosure agreements
> >
> >Features and benefits of "bind-members" status will include:
> >
> > 1. Private access to the CVS pool where bind4, bind8 and bind9 live
> > 2. Reception of early warnings of security or other important flaws
> > 3. Periodic in-person meetings, probably at IETF's conference sites
> > 4. Participation on the bind-members mailing list
> >
> >If you are a BIND vendor, root or TLD server operator, or other interested
> >party, I urge you to seek management approval for entry into this forum, and
> >then either contact, or have a responsible party contact, isc-info at isc.org.
> >
> >Paul Vixie
> >Chairman
> >ISC
> --- End Original Message ---
>
>
>
More information about the bind-users
mailing list