> On Feb 6, 2007, at 3:43 PM, Andrew Sullivan wrote:

> > The first view is that reverse mappings provide no information of any
> > utility whatsoever.  There is no reason ever to use them except for
> > convenience; certainly, one should never make any decisions on the
> > basis of information included in the reverse tree.  The idea here is
> > that, because the reverse tree itself does not offer much in the way
> > of security (and because it is relatively easy to hide bad behaviour
> > anyway), there is no real utility in reverse mappings.  Moreover, any
> > use of them at all in making decisions about how to proceed is in fact
> > a security hole that needs to be plugged with haste.

The reverse mapping tree doesn't have any bearing on whether behavior is 
bad. So, it can't 'hide bad behavior'.  

The reverse mapping tree of Site B is specifically of 'no utility', as
distinguished from 'no real utility', to administrator A for making
_decisions_ about Site B.  The mapping tree of Site B is only useful to
Site _B_.  Site B may use any reverse mapping scheme it pleases. There
are many mapping schemes besides the '1:1' scheme favored by
anti-spammers. Further, the '1:1' scheme isn't universally possible.  
The reverse mapping entry of Site B may be useful for Administrator A to
_document_, but only as a secondary source in addition to the IP
address, and the _documentation_ is only useful to improve subsequent
communication with Site B.  That's it.

> > The second view is that the reverse tree sometimes contains
> > information that might be useful in making decisions about a host on
> > the Internet.  It is not to be regarded as canonical information, and
> > it should certainly never be used as a primary source of data. 

But it IS regarded by the draft proponents as canonical. We just heard
Mr. Story exclaim just that. I think most people on the Working Group
don't want to encourage persons with similar views. This draft will
encourage that view.  The draft wording in Section 4 is vague, but can
be read to encourage that view.  I've given text to disambiguate the 
draft, but that text was refused by the author. I think most people on 
the Working Group agree with the statements in my proposed text.

> > That said, the reverse tree can sometimes be useful.  Some site
> > administrators, under certain circumstances, might legitimately use
> > the (non-)maintenance of reverse mappings as a clue, on the basis of
> > which they do additional processing.  

Exactly wrong.  There is no legitimacy in such use;  Mr. Story
explicitly describes an example using "dialup". This practice should not
be encouraged or seemingly legitimized by this Working Group in the
approval of this draft.

> > In other words, the draft as written says, I think, that
> > administrator of site A is perfectly entitled to make decisions
> > about site B on the basis of reverse mappings, _but_, the
> > administrator of site A is cautioned that there are plenty of
> > pitfalls in that strategy, and they ought to be taken into
> > consideration.
> >
> > I'd like to know whether people think that is a reasonable thing to
> > say.  If the answer is, "No," then I'm not sure what we can say about
> > reverse mappings at all.

Administrator A is _entitled_, as I previously pointed out, to wear a
tinfoil hat and tell people it protects him from aliens.  However, there
is no rational basis for that belief.  There is a big difference between
what one is entitled to do, and what one is rationally justified in
doing. This working group should, per requirements of RFC2026, restrict
itself to statements in drafts that are true and rational, and should
reject statements that are neither true nor rational.

Dean Anderson
Av8 Internet, Inc


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   





_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop
