[BIND] Proposal: Fee-based, closed membership [BIND] forum.
Devon Null
devnull at butcherfamily.com
Thu Feb 1 04:31:35 EST 2001
Oh boy, I don't like this at all!
This post just came in on [BUGTRAQ] about a proposed closed, fee-based
support and development forum for [BIND]. Sure, there have been some pretty
catastrophic events recently with [BIND] vulnerabilities and exploits, but
I don't think a closed, fee-based [BIND] forum is the way to go.
I can't see any advantages, and it is just silly to think that access
restrictions will make [BIND] any more secure.
In a way, this proposed orientation is essentially a variant of "security
by obscurity" by attempting to restrict access and involvement in the
development and refinement of [BIND] -=- something that is doomed to
failure, and quite possibly may spawn the development of an alienated
community of "outsiders" intent on finding more ways to break [BIND]!
*sheesh*
Best regards.
Devon Null
devnull at butcherfamily.com
_______________________________________________
"For every complex problem, there is a solution
that is simple, neat and wrong."
-- Henry L. Mencken
_______________________________________________
devnull at Buffalo.com | NEMO ME IMPUNE LACESSIT
=====================================
Date: Wed, 31 Jan 2001 18:02:48 -0700
Reply-To: Theo de Raadt <deraadt at CVS.OPENBSD.ORG>
Sender: Bugtraq List <BUGTRAQ at SECURITYFOCUS.COM>
From: Theo de Raadt <deraadt at CVS.OPENBSD.ORG>
Subject: Security information for dollars?
To: BUGTRAQ at SECURITYFOCUS.COM
What does the community think of this change in direction?
(Myself, I think it is a terrible idea to charge money for security
information access, and that closing BIND up like this is also going
to be harmful)
---
To: bind-announce at isc.org
Subject: PRE-ANNOUNCEMENT: BIND-Members Forum
Date: Wed, 31 Jan 2001 09:36:02 -0800
From: Paul A Vixie <Paul_Vixie at isc.org>
X-Approved-By: Ruth.Anne.Ladue at nominum.com
X-original-sender: Paul_Vixie at ISC.Org
X-List-ID: <bind-announce.isc.org>
X-DCC-MAPS-Metrics: isrv3.isc.org 668; IP=0/633557 env_From=0/3494
From=0/3451 Subject=0/3451 Message-ID=0/3453 Received=0/3453
Body=0/3451 Fuz1=0/3451
ISC has historically depended upon the "bind-workers" mailing list, and
CERT advisories, to notify vendors of potential or actual security flaws
in its BIND package. Recent events have very clearly shown that there is
a need for a fee-based membership forum consisting only of:
1. ISC itself
2. Vendors who include BIND in their products
3. Root and TLD name server operators
4. Other qualified parties (at ISC's discretion)
Requirements of bind-members will be:
1. Not-for-profit members can have their fees waived
2. Use of PGP (or possibly S/MIME) will be mandatory
3. Members will receive information security training
4. Members will sign strong nondisclosure agreements
Features and benefits of "bind-members" status will include:
1. Private access to the CVS pool where bind4, bind8 and bind9 live
2. Reception of early warnings of security or other important flaws
3. Periodic in-person meetings, probably at IETF's conference sites
4. Participation on the bind-members mailing list
If you are a BIND vendor, root or TLD server operator, or other interested
party, I urge you to seek management approval for entry into this forum, and
then either contact, or have a responsible party contact, isc-info at isc.org.
Paul Vixie
Chairman
ISC