Date: Tue, 16 Sep 2003 18:04:17 -0600 (MDT)
Message-Id: <20030916.180417.44250294.imp@bsdimp.com>
To: jdp@polstra.com
From: "M. Warner Losh"
References: <20030916.175558.10083602.imp@bsdimp.com>
cc: freebsd-hackers@freebsd.org
cc: cliftonr@lava.net
cc: dan@langille.org
Subject: Re: Any workarounds for Verisign .com/.net highjacking?
List-Id: Technical Discussions relating to FreeBSD

In message: John Polstra writes:
: On 16-Sep-2003 M. Warner Losh wrote:
: > I think we should put a filter for this nonsense into the base
: > system. Hack the resolve to filter out the address, and hack bind to
: > filter it out too. That way we can leverage our position in the name
: > servers in the world to do something about this BS.
:
: I think so too, in principle. But we need something better than a
: hard-coded IP address. It would take Verisign about an hour to figure
: out they need to change the address frequently. (Well, OK, a day ...
: it's Verisign, after all.)

Agreed, but it wouldn't be too hard to determine at boot/hourly doing
a bogus query to find the address of the moment. Even they would be
hard pressed to change things more than hourly.

Warner
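
The probe-and-filter idea from this message, sketched as an added example; it is not code from the thread, from FreeBSD's resolver, or from BIND. The names `wildcard_addresses`, `WildcardFilter` and `fake_resolve` are hypothetical, the addresses are constructed documentation-range values, and the 3600-second refresh is taken from "hourly" above.

```python
import secrets
import socket
import time

def system_resolve(name):
    """IPv4 addresses for name via the system resolver; empty set if it does not resolve."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def wildcard_addresses(tld, resolve=system_resolve, probes=3):
    """Resolve random, unregistered names under tld; return the addresses they map to."""
    answers = [resolve(f"{secrets.token_hex(12)}.{tld}") for _ in range(probes)]
    if not all(answers):      # any probe failing to resolve means no wildcard is active
        return set()
    return set().union(*answers)

class WildcardFilter:
    """Re-learns the wildcard address periodically and strips it from answers."""
    def __init__(self, tld, resolve=system_resolve, max_age=3600, clock=time.monotonic):
        self.tld, self.resolve, self.max_age, self.clock = tld, resolve, max_age, clock
        self._wildcard, self._stamp = set(), None

    def current(self):
        """Wildcard addresses of the moment, re-probed once max_age seconds have passed."""
        now = self.clock()
        if self._stamp is None or now - self._stamp >= self.max_age:
            self._wildcard = wildcard_addresses(self.tld, self.resolve)
            self._stamp = now
        return self._wildcard

    def lookup(self, name):
        """Addresses for name with wildcard answers removed; empty set = treat as NXDOMAIN."""
        return self.resolve(name) - self.current()

# Constructed stand-in for a resolver sitting behind a wildcarding registry.
REGISTERED = {"example.com": {"192.0.2.10"}}

def fake_resolve(name, wildcard="198.51.100.7"):
    return set(REGISTERED.get(name, {wildcard}))

if __name__ == "__main__":
    f = WildcardFilter("com", resolve=fake_resolve)
    print(f.current(), f.lookup("example.com"), f.lookup("no-such-host.com"))
```

Between refreshes a rotated wildcard address passes through unfiltered, which is the window the quoted objection is about; shortening `max_age` narrows it at the cost of more probe queries.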