Discuss mailing list

[Mario Rodriguez <admin AT bambusoft.com>]

Hi all:

About .OZ transfer:

>>- Gather a team if possible
>>- Setup a T1
>>- Setup a registration interface
>>- Transfer domains and users over, reset passwords
>>- Test with Jeff

- Gather a team if possible
If someone wants to be part of .OZ team please send me an email to start .OZ Team

- Setup a T1
The server is up and running since 28/Apr

- Setup a registration interface
I'm working on this

- Transfer domains and users over, reset passwords
I'm ready to receive the information


About gp AT gparent.net concerns
The server is not dedicated to opennic activities only, so, root access is not an option. But, I'm open to be audited by other T1 operator, If any of you have any suggestion about how to accomplish this i will appreciate.

I understand your concern about security on MD5 passwords but It's up to Martin how he is going to send me the users data, I will only send one email to introduce my self, welcome all users
give the users the option to stay or close his account and give all of them a support channel, and btw I´m against SPAM.

I can give users the option of reset passwords at the beginning and store with sha1 with unique random salts. Then delete md5 passwords.


About IRC
Sorry guys, but I live on the other side of the wolrd (-15:00 hrs difference between México & Australia), I agree with Jon Plews, IRC comms must be summarized.

On 30/04/2014 11:02 p.m., gp AT gparent.net wrote:

I must cause a little bit of drama.

I've only seen Mario speak only once on the mailing list and never on IRC. I'd feel much safer if some other T1 operator(s) had root access to the servers used for this for a significant amount of time (at least 1 month).

I would like to request a few additional things:

- Absolutely have to rewrite the software to store something better than MD5 passwords before the zone returns to operation
- I disagree with MD5 passwords being given to a very recent member of the community (and I'd even include myself in that). Maybe this is my security background, but while I'd love to trust you I must object to a potential data leak of password hashes that are easily crackable.
- An email should be sent to the users if possible explaining the changes (sorry if this has already been said)

I agree with the rest of the transfer procedures though, and if you want to help us in this way and prove to be a valuable operator I applaud it entirely and welcome you with us \o/

Regards,

On 5/1/2014 12:05 AM, Julian DeMarchi wrote:

On 30/04/14 07:00, Mario Rodriguez wrote:

I will wait for an opennic authority (?) to give me resolution.

We will let you take over .OZ, no dramas. I'm away for two weeks after
tomorrow. So here is what I ask:

- Gather a team if possible
- Setup a T1
- Setup a registration interface
- Transfer domains and users over, reset passwords
- Test with Jeff

Once this has been done, let is be for the 2 weeks I'm gone. Once I get
back we'll move forward.

Ok?

Another thing, we will be re-working the T1/TLD policy as per Jeff's
email. This will address the issues with our TLDs not being maintained
and disappearing T1 servers like ns5. This will be a harsh policy to
ensure our root servers are always updated and working.

--julian

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

-- 
-gp

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org