On Tue, 6 Feb 2007 14:48:52 -0500 (EST) Dean wrote: DA> It is never reasonable to describe unreasonable behavior as somehow DA> reasonable.
But reason itself is subjective. What's perfectly reasonable to one is utterly insane to another. DA> "Reasonable" decisions are well-founded on the basis of DA> actual facts and deductive logic. Decisions that are not based on DA> actual facts and deductive logic are, by definition, "unreasonable". Baloney. It is possible to make reasonable decisions even with the complete absence of facts. But that's besides the point. So, if you want facts, here you go: many admins use reverse mappings for various and sundry purposes. (You can scream and holler all you want about how 'unreasonable' it is for those admins to do so, but it doesn't change the fact that they do.) thus it is 'reasonable' to suggest that other admins may want to consider provisioning reverse mappings. Which is what this document does. DA> Reverse mapping entries do not provide one with actually true facts, nor DA> do they provide one with necessary and sufficient conditions on which to DA> base deductions about the security of site B. Regardless of whether or not you consider a reverse mapping a 'true fact' or not, they certainly can provide sufficient information to make decisions based on the site. DA> There are no facts or deductions regarding security that can be properly DA> inferred by administrator A based on the reverse mapping entries of site DA> B. If I get a connection to my mail server from an ip address that reverse maps to dialup0937613.isp.example, it's perfectly reasonable for me to decide to reject that connection based on the fact that most mail from dialups is spam. You are quite right, however, that I would be daft to have a firewall rule to a control port of a router that looked like 'good-guy.* ALLOW'. But that doesn't mean that the first use is unreasonable. -- Robert Story SPARTA
signature.asc
Description: PGP signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www1.ietf.org/mailman/listinfo/dnsop
