VGRS, again <sigh> (fwd)

[Steve Bellovin <smb@research.att.com>]

------- Forwarded Message


Date: Mon, 10 Feb 2003 18:23:30 -0800
To: Ted Hardie <hardie@equinix.com>,
        "Steven M. Bellovin" <smb@research.att.com>,
        Rob Austein <sra@hactrn.net>
From: Paul Hoffman / IMC <phoffman@imc.org>
Subject: VGRS, again <sigh>
Cc: Geoff Huston <gih@telstra.net>,
        Patrik =?iso-8859-1?Q?F=E4ltstr=F6m?= <paf@cisco.com>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
	tests=HABEAS_SWE,IN_REP_TO,REFERENCES,SPAM_PHRASE_02_03
	version=2.43-cvs
X-UIDL: 795d59ec8ac5475e7699911708c371c0
X-Spam-Status: No, hits=-4.7 required=5.0
	tests=HABEAS_SWE,IN_REP_TO,REFERENCES,SPAM_PHRASE_02_03,
	      X_AUTH_WARNING
	version=2.43
X-Spam-Level: 

Hi again. I assume that Geoff has told you that VeriSign intends to 
revise their protocol to get around some of the problems that the IAB 
brought up in your message to ICANN. However, from reading VeriSign's 
response, they still will be running a name-guessing service instead 
of a lookup service. Specifically, the last step they describe still 
takes you to a list of colliding names and ask you in an HTML form to 
pick the one you really wanted.

If the IAB is going to respond to ICAN on this, and you want help in 
describing yet again what the problem is, and I can help, let me 
know. If you want to avoid what seems like a denial-of-service attack 
on the IAB by VeriSign for their profit, I would completely 
understand.

- --Paul Hoffman, Director
- --Internet Mail Consortium


------- End of Forwarded Message



		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)