At 10:59 AM -0400 10/20/03, Steve Bellovin wrote:
So -- how much notice would the operator community want before deploying new software? What about for enterprises? (We all know that stuff *can* be deployed more quickly in emergency circumstances. We also know the problems that that can lead to, which is why we generally want testing and controlled deployment.)
I don't even want to start down that path. If we were talking normal software development and deployment schedules we'd be talking six months to a year from notice to the software company to deployment. But obviously that isn't going to happen. As a software developer I'd want at least 30-60 days to do development and testing. As a service provider though, I'm pretty conservative about updating my servers. And of course this change probably wouldn't be back-patched into old versions, so that means I'm biting off all kinds of other changes that I need to test as well.

More importantly--Verisign needs to deploy alternate servers so it's actually possible to test software against the changes they propose to make. Otherwise we're just running around guessing what the behavior is going to be.

But fundamentally the problem is this. There is no way to handle root wildcards by various registries in a standard and reliable way. Verisign has not even been able to provide code for how to handle *their* wildcard in a reliable way. Each registry may implement different features with different behaviors. What works for one won't necessarily work for another. And every time any one of them changes, or a new registry is added, every single piece of software that relies on a particular behavior has to be checked and possibly patched. We can't afford to run the internet that way.

--
Kee Hinckley
http://www.messagefire.com/ Next Generation Spam Defense
http://commons.somewhere.com/buzz/ Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's.