k claffy wrote:
... please send any hard data reflecting observed ramifications on security and stability of Internet infrastructure to
secsac-comment@icann.org
no hard data will be refused service
Here's a glimpse of some data for a small ISP (bcc'd to secsac).

This mail server was clogging with spam that couldn't be rejected with bad .com and .net incoming addresses, and with bad .com and .net outgoing undeliverable addresses.

The server failed (stopped responding to new SMTP requests, and/or crashed) again and again:

  Sun, Sep 21, 2003 11:52 PM  mail.WaterValley.Net  2 minutes, 35 seconds
  Mon, Sep 22, 2003 00:01 AM  mail.WaterValley.Net  4 minutes, 7 seconds
  Mon, Sep 22, 2003 00:12 AM  mail.WaterValley.Net  5 minutes, 48 seconds
  Mon, Sep 22, 2003 01:18 AM  mail.WaterValley.Net  1 minute, 1 second
  Mon, Sep 22, 2003 04:07 AM  mail.WaterValley.Net  5 minutes, 16 seconds
  Mon, Sep 22, 2003 04:23 AM  mail.WaterValley.Net  3 minutes, 3 seconds
  Mon, Sep 22, 2003 04:33 AM  mail.WaterValley.Net  1 minute, 19 seconds
  Mon, Sep 22, 2003 04:37 AM  mail.WaterValley.Net  9 minutes, 4 seconds
  Mon, Sep 22, 2003 06:47 AM  mail.WaterValley.Net  22 minutes, 58 seconds
  Mon, Sep 22, 2003 07:15 AM  mail.WaterValley.Net  6 minutes, 59 seconds
  ...
  Mon, Sep 22, 2003 09:53 PM  mail.WaterValley.Net  3 minutes, 0 seconds
  Mon, Sep 22, 2003 10:01 PM  mail.WaterValley.Net  5 minutes, 0 seconds
  Mon, Sep 22, 2003 10:13 PM  mail.WaterValley.Net  3 minutes, 1 second
  Mon, Sep 22, 2003 10:21 PM  mail.WaterValley.Net  3 minutes, 1 second
  Mon, Sep 22, 2003 10:31 PM  mail.WaterValley.Net  3 minutes, 1 second
  Mon, Sep 22, 2003 10:39 PM  mail.WaterValley.Net  3 minutes, 1 second
  Mon, Sep 22, 2003 10:49 PM  mail.WaterValley.Net  3 minutes, 1 second
  Mon, Sep 22, 2003 10:59 PM  mail.WaterValley.Net  3 minutes, 1 second
  Mon, Sep 22, 2003 11:07 PM  mail.WaterValley.Net  3 minutes, 2 seconds
  Mon, Sep 22, 2003 11:17 PM  mail.WaterValley.Net  1 minute, 3 seconds

Then, A MIRACLE OCCURRED! The problems STOPPED!

That miracle was BIND 9.2.3rc3, for which we are eternally grateful.
As I posted to NANOG on Tue, 23 Sep 2003 02:35:48 -0400:

William Allen Simpson wrote:
# Thought I'd mention that I helped setup BIND 9.2.3rc3 on a yellowdog
# linux powercomputing machine tonight. It worked. And the mail queues
# began clearing out.
...

The next downtime (for restoring saved mail queues) was:

  Wed, Sep 24, 2003 06:39 PM  mail.WaterValley.Net  21 minutes, 0 seconds

Note the dramatic difference -- from failures several times per hour, to stability for days!

I don't know how many others were devastated by the VeriSign wildcards, or whether the differences were as dramatic elsewhere. Hopefully, other ISPs worldwide will step forward.

I expect we can come up with more data, but I'll save most of it for the expected future affidavits....

--
William Allen Simpson
    Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32