ISC has historically depended upon the "bind-workers" mailing list, and
CERT advisories, to notify vendors of potential or actual security flaws
in its BIND package. Recent events have very clearly shown that there is
a need for a fee-based membership forum consisting only of:

        1. ISC itself
        2. Vendors who include BIND in their products
        3. Root and TLD name server operators
        4. Other qualified parties (at ISC's discretion)

Requirements of bind-members will be:

        1. Not-for-profit members can have their fees waived
        2. Use of PGP (or possibly S/MIME) will be mandatory
        3. Members will receive information security training
        4. Members will sign strong nondisclosure agreements

Features and benefits of "bind-members" status will include:

        1. Private access to the CVS pool where bind4, bind8 and bind9 live
        2. Reception of early warnings of security or other important flaws
        3. Periodic in-person meetings, probably at IETF's conference sites
        4. Participation on the bind-members mailing list

If you are a BIND vendor, root or TLD server operator, or other interested
party, I urge you to seek management approval for entry into this forum, and
then either contact, or have a responsible party contact, isc-infoisc.org.

Paul Vixie
Chairman
ISC

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]