Internet and e-mail policy and practice
including Notes on Internet E-mail


2017
Months
Oct
Nov Dec

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home

22 Oct 2017

The hack back bill in Congress is better than you'd expect Internet
Rep's Graves and Sinema recently introduced H.R. 4036, the catchily named
Active Cyber Defense Certainty Act or ACDC act which creates some exceptions to criminal parts of computer crime laws. Lots of reports have decried "hack back" but if you read the bill, it's surprisingly well targeted.

See more ...


posted at: 16:31 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Internet/hackback.html

26 Sep 2017

Some contrary advice about the Equifax breach Money
Here's some unexpected advice about what to do about the recent giant Equifax breach: nothing.

See more ...


posted at: 01:47 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Money/equinot.html

26 Aug 2017

Not quite two factor, or is your phone number really something you have? Security

A recent article in the New York Times Dealbook column reported on phone number hijacking, in which a bad guy fraudulently takes over someone's mobile phone number and used it to reset credentials and drain the victim's account. It happens a lot, even to the chief technologist of the FTC. This reminds us that security is hard, and understanding two factor authentication is harder than it seems.

The usual definition of two-factor is to pick two different items from a list of security types:

See more ...


posted at: 20:49 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Security/2fphone.html

10 Aug 2017

Supporting new DNS RR types with dnsextlang, Part II Internet
Yesterday's
article introduced my DNS extension language, intended to make it easier to add new DNS record types to DNS software. It described a new perl module Net::DNS::Extlang that uses the extension language to automatically create perl code to handle new RRTYPEs. Today we look at my second project, intended to let people create DNS records and zone files with new RRTYPEs.

See more ...


posted at: 19:17 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Internet/extlang2.html

08 Aug 2017

Supporting new DNS RR types with dnsextlang, Part I Internet

The Domain Name System has always been intended to be extensible. The original spec in the 1980s had about a dozen resource record types (RRTYPEs), and since then people have invented many more so now there are about 65 different RRTYPEs. But if you look at most DNS zones, you'll only see a handful of types, NS, A, AAAA, MX, TXT, and maybe SRV. Why? A lot of the other types are arcane or obsolete, but there are plenty that are useful. Moreover, new designs like DKIM, DMARC, and notorously SPF have reused TXT records rather than defining new types of their own. Why? It's the provisioning crudware.

While DNS server software is regularly updated to handle new RRTYPEs, the web based packages that most people have to use to manage their DNS is almost never updated, and usually handles only a small set of RRTYPEs. This struck me as unfortunate, so I defined a DNS extension language that provisioning sytems can use to look up the syntax of new RRTYPEs, so when a new type is created, only the syntax tables have to be updated, not the software. Paul Vixie had the clever idea to store the tables in the DNS itself (in TXT records of course), so after a one-time upgrade to your configuration software, new RRTYPEs work automagically when their description is added to the DNS.

The
Internet draft that describes this has been kicking around for six years, but with support from ICANN (thanks!) I wrote some libraries and a sample application that implement it.

See more ...


posted at: 23:15 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Internet/extlang.html

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
The Criminals Behind WannaCry
162 days ago

A keen grasp of the obvious
Live from the collander-cam
63 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2015 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.