http://www.potaroo.net/ A weblog of Internet material by Geoff Huston. en-au Copyright 1989-2010 Geoff Huston Tue, 9 Feb 2010 21:52:00 +1000 http://feedvalidator.org/docs/rss2.html 130 http://www.potaroo.net/ispcol/2010-21/rollover.html http://www.potaroo.net/ispcol/2010-02/rollover.html It is considered good security practice to treat cryptographic keys with a healthy level of respect. As RFC4641 states: "the longer a key is in use, the greater the probability that it will have been compromised through carelessness, accident, espionage, or cryptanalysis." Even though the risk is considered slight if you have chosen to use a decent key length, RFC 4641 recommends, as good operational practice, that you should "roll" your key at regular intervals. What could possibly go wrong? Tue, 9 Feb 2010 21:52:00 +1000 http://www.potaroo.net/ispcol/2010-01/addressing-2009.html http://www.potaroo.net/ispcol/2010-01/addressing-2009.html It's January again, and being the start of another year, it's as good a time as any to look at the last 12 months and see what the Internet has up to in 2009. The Internet's continuing growth can be viewed using many forms of metrics, including number of connected customers, the count of web pages, or selected measures of network traffic. One perspective comes from an examination of the records of address allocations that were made by the five Regional Internet Registries (RIRs). Fri, 15 Jan 2010 11:52:00 +1000 http://www.potaroo.net/ispcol/2009-12/nxdomain.html http://www.potaroo.net/ispcol/2009-12/nxdomain.html Who would buy non-existent DNS names? Well, it should come as no surprise that in a world where there is already a large and valuable market for selling DNS names that are not Internet-visible as service endpoints, there is also a valuable market in identifying yet more names that users are using in their applications that are not even visible to the DNS. There is value in catching the NXDOMAIN responses from a DNS resolver and substituting a page impression. There is value in the so-called practice of "typosquatting". Sun, 27 Dec 2009 21:52:00 +1100 http://www.potaroo.net/ispcol/2009-11/stateless.html http://www.potaroo.net/ispcol/2009-11/stateless.html I've often heard it said that the world is full of bad ideas. But no matter how many bad ideas there may be, the good news is that there is always room for one more! So in the spirit of "more is better" I'd like to offer the following as yet another Bad Idea (http://bert.secret-wg.org/BIF/index.html). There is also the intriguing possibility that this flawed concept could be made to work, making this a thoroughly Useless Tool (http://bert.secret-wg.org/Tools/index.html) at the same time! Fri, 30 Oct 2009 19:30:00 +1100 http://www.potaroo.net/ispcol/2009-10/ripe59.html http://www.potaroo.net/ispcol/2009-10/ripe59.html RIPE, or Réseaux IP Européens, is a collaborative forum open to all parties interested in wide area IP networks in Europe and beyond. The objective of RIPE is to ensure the administrative and technical coordination necessary to enable the operation of a pan-European IP network. RIPE has been a feature of the European Internet landscape for some twenty years now, and it continues to be a progressive and engaged forum. These days RIPE meets twice a year, and the most recent meeting was held at Lisbon, Portugal, from the 5th to the 9th of October 2009. In this column I'd like to share some of my impressions of this meeting. Fri, 23 Oct 2009 07:00:00 +1100 http://www.potaroo.net/ispcol/2009-09/v6trans.html http://www.potaroo.net/ispcol/2009-09/v6trans.html Many views of the transition to IPv6 assume that the combination of the factors of the imminent exhaustion of the unallocated pool of IPv4 addresses and the conventional dynamics of an open competitive marketplace in the ISP sector will be sufficient to propel the transition to IPv6. The question I would like to pose here is: Is this an appropriate view of the transition to IPv6? An alternative view is that this transition to IPv6 has already stalled over the past decade, and we should be prepared to view the current situation as an instance of a "market failure" in economic terms, where the transition will require the impetus of some form of response associated with the distribution of a "public good", and that conventional market dynamics are in and of themselves incapable of sustaining such a transition. Mon, 28 Sep 2009 11:20:00 +1000 http://www.potaroo.net/ispcol/2009-08/asagain.html http://www.potaroo.net/ispcol/2009-08/asagain.html IPv6 is not the only number resource that is running out in the coming couple of years. The same fate awaits the pool of Autonomous System numbers, used to support the inter-domain routing protocol, BGP. In the original design of BGP. In this article I'd like to update the situation that was originally reported here some fours years ago, and look at we are doing about AS Number exhaustion. Mon, 31 Aug 2009 07:50:00 +1000