[Collisions] "controlled interruption" - 127/8 versus RFC1918 space

Jeff Schmidt jschmidt at jasadvisors.com
Fri Jan 10 17:12:25 UTC 2014


>It would not be hard for ICANN to host a webserver that:
>a: strips all parameters from the URL before logging it (anything
>after the /, anything of the form user:pass@, etc).
>b: throws away cookies, all other headers.
>c: Doesn't log usernames, etc for other protocols.
>d: performs other sanitization (only log AS#, strip / elide last octet,
>etc.)
>and have this behavior audited by <insert random auditor here>.

Yes, but there is a problem before that too.  By returning an Internet
routable IP, we've actually "caused" the host to send this juicy stuff
over the open wifi at the coffee shop, through their compromised home
router, over the hills and through the woods to Grandma's, etc.  This may
actually be making things worse than they are now - where NX means nothing is
transmitted.  We want to keep it local.  Fail closed.
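
Steps (a), (b) and (d) from the quoted proposal, sketched as an added example that is not part of the original message or any ICANN code; the function names, the constructed AS table and the choice to keep only the Host name are assumptions. As the reply points out, this governs only what gets stored and does nothing about what the client has already sent across the network.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed prefix-to-AS table (documentation prefixes, private-use AS numbers).
ASN_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): 64500,
    ipaddress.ip_network("2001:db8::/32"): 64501,
}

def elide_address(addr):
    """Step (d): keep only the /24 (IPv4) or /48 (IPv6) the client sits in."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def lookup_asn(addr):
    """Step (d): longest-prefix match against the table; None if unknown."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, asn) for net, asn in ASN_TABLE.items()
            if net.version == ip.version and ip in net]
    return max(hits)[1] if hits else None

def queried_host(request_target, headers):
    """Step (a): hostname only; userinfo, port, path and query are dropped."""
    host_header = {k.lower(): v for k, v in headers.items()}.get("host", "")
    for candidate in (request_target, "//" + host_header):
        try:
            name = urlsplit(candidate).hostname
        except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
            continue
        if name:
            return name
    return None

def sanitize_request(client_ip, request_target, headers):
    """Build the only record that is written; everything else is discarded (b)."""
    return {
        "host": queried_host(request_target, headers),
        "client_net": elide_address(client_ip),
        "asn": lookup_asn(client_ip),
    }
```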

