Good Evening Everyone, I have to agree with Joe's post and I have also had a number of other off post emails reiterating the same message. Once this had gone public CCIP should have engaged this forum. CCIP has well defined procedures and processes in place when sharing information with the National and International security communities and the "traditional" critical infrastructure community. Outside of those communities the process is not as well defined and this event has highlighted this. What this event has also demonstrated is that the NZNOG community is dedicated to protecting New Zealand's networks and we just need to figure out how we can do that together, and part of that is ensuring the right information gets to the right people. One of the recent suggestions CCIP has received is the concept of establishing an NSP-SEC group for New Zealand. Another suggestion is the need for a closed mailing list for the NZ ISP community. The intention would not be to replace the NZNOG mailing list but to have an alternative for when the community needed a closed and trusted mode of communication. CCIP would like to work with this community to investigate establishing something along these lines in New Zealand and to listen to your thoughts and suggestions on this topic as a number of you have been thinking about this for some time as well. CCIP would like to thank you all for your comments and suggestions both on and off the list, and I look forward to working closer with this community. Regards, Paul. Paul McKitrick Business Manager Centre for Critical Infrastructure Protection D: (+64) 4 498 7675 P: (+64) 4 498 7654 M:(+64) 2 145 4604 F: (+64) 4 498 7655 E: paul.mckitrick(a)ccip.govt.nz W: www.ccip.govt.nz This e-mail contains official New Zealand Government information, which is intended for the use of addressees only. If you have received this e-mail in error, please notify the sender immediately and delete. You should not further disseminate, distribute or copy this e-mail in any way. -----Original Message----- From: Joe Abley [mailto:jabley(a)ca.afilias.info] Sent: Saturday, 26 July 2008 1:59 a.m. To: Paul McKitrick Cc: NZNOG(a)list.waikato.ac.nz Subject: Re: [nznog] DNS Cache Poisoning On 25 Jul 2008, at 02:33, Paul McKitrick wrote:
In early July CCIP met with NZ Registry Services to discuss this issue and determine who the most appropriate audience for this information would be. Because of the sensitivity of this it was determined that the NZNOG mailing list would not be appropriate as it is an open forum with over 800 registered participants.
For my money, at that time, that would have made NZNOG an ideal place to start making noise about the problem. http://www.kb.cert.org/vuls/id/800113 was published on 7 July. Keeping things quiet after that date seems like quite the wrong thing. What would have been much better would have been a concerted and noisy public airing of the problem, carried out by people who understood it and knew how to answer the (understandably) doubtful responses to it ("isn't this the same thing that was first announced in 2002?", etc.) Joe