Alex,
I apologize because the business we talked about and I expected to fund an
OPES development has been hampered by an intermediary who wanted to black
mail it. It is now stabilizing but without the initial funding I expected.
All this disconnected me totally from the work in this group.
Now, I work on contingency plans to develop OPES. As you know I am
interested in DNS security and value added. I started rising the concern
about the impact of DNS failures for companies, users, nations. This
concerns takes off well. Also, I wish to find solutions where I can certify
who reached what - for access gateway, certified mail, DNS updates, spam
filtering, etc..
I follow three directions in parallel targeting large customers working on
their common industrialization of free softwares (a started organization of
large and committed organizations)- but to say large says slow.
1. to try to get a legal obligation in here to have a DNS contingency plan
to get a DNS insurance. We have right now a vote on the Internet law and I
proposed it. We start also dialoguing with the insurances association. The
idea is to call for a stand-alone DNS+ system. Nothing fancy but something
approved by insurances.
2. to develop a dedicated secure and stable hardware. The idea right now is
an OpenBSD version stripped off everything we do not need for a
named/Apache/postfix system + network and security control tools. The idea
behind the hardware is to stabilize solutions, to deliver binaries only and
to get an insurance company/legal stamp on it. A manufacturer is supporting.
3. to build a software architecture as an OPES filter and an OPES processor
- probably 8 machines in a team (two for backup)
- two to carry http, smtp and dns filtering
- two to carry DNS+ services (named and rerouting)
- two to carry security checking
- two controllers (or external softwares)
Kind of services:
- changing the dns request for a reroute, for vernacular name support (from
jeanfrançois.fra to jefsey.com), or for critical situations
- changing the LHS of mails to permit sending/receiving mails with
vernacular addresses to/from ASCII addresses
- verifying the origin of the call and the reached site, through external
multi channel checking
- introducing access menus in a relation
- gateway access
- weemail support (a project of mine documented in French at
http://weemail.org using standard smtp to send value added pointers rather
than texts - with a totally different approach for spammers and compatible
with existing e-mail).
I would be extremely interested in comments from everyone interested.
jfc