
RE: [idn] Debunking the ACE myth





--On Thursday, 19 July, 2001 11:22 -0400 lucid@epa.secret.org
wrote:

> Getting ISPs to upgrade to DNS that supports UTF-8 is simple.
> Patch BIND now, wait for the next remote root exploit which is
> followed by a worm.

Sigh.

Folks, this is important.  Let's get real.

Unless recent consolidations have changed things dramatically --
and in directions other than the one my experience would
predict -- there are basically two kinds of ISPs: the ones who
are very careful and conservative about infrastructure software
updates and the ones who don't expect to be in business for much
longer (a few manage to fall into both categories, of course).

Bug-fixing patches to BIND (or anything else) that address a
security problem are installed quickly iff their content is
addressed specifically to that problem.  If they contain a lot
of irrelevant stuff, the software providers take a lot of flak.
Complete new versions that ISPs are expected to install on the
basis that it will be good for them, but without specifics, get
even more resistance.  (Those closer to BIND maintenance cycles
should confirm this or tell me I'm crazy.)

In general, anything that requires ISPs to make changes to
servers that impact all of their users or customers (and, if
they are in the hosting business, customers of their customers)
is going to be deployed when it is clearly in the ISP's business
interests, and/or after very careful and leisurely testing, or
never.

If you want fast deployment, select something that doesn't
require ISPs to make changes.  There may be fewer of them than
there are end users, but the latter can much more easily decide
to install software upgrades that meet their particular
perceived needs.  And don't depend on tricking the ISPs into
installing something -- the good ones are hard to trick and they
collectively represent a very large portion of the marketplace.

    john