Hi, Thanks for your careful reading and measured comments. Thanks also for the suggested text.
Before I deal with some of the issues you raise in your posting, I want to request some feedback from the wider group on what is clearly the central question in this discussion. I'd like to get a general sense of what people think, because it is entirely possible that this is a topic on which well-informed people just disagree. On Wed, Jan 24, 2007 at 02:35:01AM +0900, JINMEI Tatuya / 神明達哉 wrote: > let such admins do what doesn't really make sense and to recommend > others to adapt themselves for the convenience of the stubborn admins, > I don't see much importance in this effort; a stubborn admin will do > whatever they want anyway regardless of "technically sound" > recommendations from the IETF, It appears to me that there are two slightly different views about security and utility in this discussion. To be clear, I don't regard these as "camps", but I do think they are subtly different views, and that the difference makes a difference for this discussion. The first view is that reverse mappings provide no information of any utility whatsoever. There is no reason ever to use them except for convenience; certainly, one should never make any decisions on the basis of information included in the reverse tree. The idea here is that, because the reverse tree itself does not offer much in the way of security (and because it is relatively easy to hide bad behaviour anyway), there is no real utility in reverse mappings. Moreover, any use of them at all in making decisions about how to proceed is in fact a security hole that needs to be plugged with haste. The second view is that the reverse tree sometimes contains information that might be useful in making decisions about a host on the Internet. It is not to be regarded as canonical information, and it should certainly never be used as a primary source of data. That said, the reverse tree can sometimes be useful. Some site administrators, under certain circumstances, might legitimately use the (non-)maintenance of reverse mappings as a clue, on the basis of which they do additional processing. The general idea here is that, while the additional information provides no security at all on its own, it can sometimes be of use in _disqualifying_ a remote host from connecting to one's service. In addition, we have some cases where the reverse tree might be useful for other purposes. In the presence of reports from some users that they find the facility useful, I'm inclined to say that it should be maintained. This is not to say that it must be maintained in every situation; but that, on balance, unless you have pretty good reasons not to maintain it, you should maintain a reverse mapping. I believe that the draft as it stands is consistent with the second view, and that it expresses a view that is contrary to the first view. In other words, the draft as written says, I think, that administrator of site A is perfectly entitled to make decisions about site B on the basis of reverse mappings, _but_, the administrator of site A is cautioned that there are plenty of pitfalls in that strategy, and they ought to be taken into consideration. I'd like to know whether people think that is a reasonable thing to say. If the answer is, "No," then I'm not sure what we can say about reverse mappings at all. Best regards, A -- Andrew Sullivan 204-4141 Yonge Street Afilias Canada Toronto, Ontario Canada <[EMAIL PROTECTED]> M2P 2A8 jabber: [EMAIL PROTECTED] +1 416 646 3304 x4110 _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www1.ietf.org/mailman/listinfo/dnsop
