Date: Wed, 31 Jan 2001 18:02:48 MST To: BUGTRAQ@SECURITYFOCUS.COM From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG> Subject: Security information for dollars? What does the community think of this change in direction? (Myself, I think it is a terrible idea to charge money for security information access, and that closing BIND up like this is also going to be harmful) --- To: bind-announce@isc.org Subject: PRE-ANNOUNCEMENT: BIND-Members Forum Date: Wed, 31 Jan 2001 09:36:02 -0800 From: Paul A Vixie <Paul_Vixie@isc.org> X-Approved-By: Ruth.Anne.Ladue@nominum.com X-original-sender: Paul_Vixie@ISC.Org X-List-ID: <bind-announce.isc.org> X-DCC-MAPS-Metrics: isrv3.isc.org 668; IP=0/633557 env_From=0/3494 From=0/3451 Subject=0/3451 Message-ID=0/3453 Received=0/3453 Body=0/3451 Fuz1=0/3451 ISC has historically depended upon the "bind-workers" mailing list, and CERT advisories, to notify vendors of potential or actual security flaws in its BIND package. Recent events have very clearly shown that there is a need for a fee-based membership forum consisting only of: 1. ISC itself 2. Vendors who include BIND in their products 3. Root and TLD name server operators 4. Other qualified parties (at ISC's discretion) Requirements of bind-members will be: 1. Not-for-profit members can have their fees waived 2. Use of PGP (or possibly S/MIME) will be mandatory 3. Members will receive information security training 4. Members will sign strong nondisclosure agreements Features and benefits of "bind-members" status will include: 1. Private access to the CVS pool where bind4, bind8 and bind9 live 2. Reception of early warnings of security or other important flaws 3. Periodic in-person meetings, probably at IETF's conference sites 4. Participation on the bind-members mailing list If you are a BIND vendor, root or TLD server operator, or other interested party, I urge you to seek management approval for entry into this forum, and then either contact, or have a responsible party contact, isc-info@isc.org. Paul Vixie Chairman ISC