On Wed, 14 Feb 2007, Edward Lewis wrote: > At 19:50 -0500 2/14/07, Dean Anderson wrote: > > >I am not declaring a consensus. I am stating, based on the history of > >discussion the various drafts, that most people agree with my views on > >this topic in contrast to, for example, Mr. Story's views. If anything, > >I am asking for a consensus call on the 3 statements I proposed.
[...] > I am asking, based on what evidence are you asserting "most people", > therefore "consensus" has been achieved? I've said History. You have access to the archives. Here are some: Re: comment on draft-ietf-dnsop-inaddr-required-02.txt by Kevin Darcy <[EMAIL PROTECTED]>, Tue, 07 Aug 2001 "But, why use reverse DNS at all? It leads to all sorts of bad security practices, half-solutions to real problems (like the spam problem) and a *false* sense of security." At 10:01 PM 9/12/01, Kevin Darcy wrote: >I oppose adoption/advancement of the draft. Not only are the security >justifications null and void, I think they actually *detract* from the >other justifications inasmuch as they promote/encourage bad security >practices and/or risk creating a False Sense of Security. Re: I-D ACTION:draft-ietf-dnsop-inaddr-required-04.txt by JINMEI Tatuya Fri, 04 Apr 2003 "Secondly, if I don't misunderstand the intention, the draft says two things: [...] "2. applications should not rely on reverse mapping for several purposes as they currently do. The discouraged purposes include: - rejecting ftp/telnet connections just due to the lack of reverse mapping or failure of reverse-forward-reverse match. - filtering rule in TCP wrappers due to the lack of reverse mapping - regarding e-mail messages as spam if the sender address does not have a reverse mapping" [JINMEI did misunderstand the draft's intention. It did not DIScourage these things, it ENcouraged them. JINMEI agrees, as I do, that they should be DIScouraged.] Re: [dnsop] Tangible harm caused by in-addr-required draft by Ted Lemon Fri, 1 Apr 2005 "> Dean Anderson writes: > Basically, this says its ok to use in-addr based security, and if they > don't match, that's a "security concern". > > In other words, matching in-addr is required. "This is a legitimate, specific criticism. One that I haven't seen from you before on the mailing list. I very much support fixing cases where the text can be misread in the way you suggest. It would be disastrous if someone read the document the way you suggest, and I can see where someone could make that mistake, although it wasn't obvious to me until you pointed it out. [...]" [Oddly, I had been saying that all along, but apparently Ted didn't see it.] There's more, but I've made the point. Basically, many people have greatly misunderstood this document, and when those misunderstandings are eventually illuminated for them, they agree with me. That is, except for those people who vehemently agree with Robert Story's viewpoint, such as Mans Nielson and some others. The proponents have gone from calling for 'in-addr required' in 2000 (document name and title), to assuring us they didn't mean that in-addr was required despite the document name (but it really was required, they just put it in the ambigous text), to where we are now (changing the document name). I assert that these misunderstandings indicate ambiguity in the text, and that the text must be very carefully examined to avoid the 'disastrous results' (quoting Ted Lemon) that would result from the mistake. The present authors have not eliminated the previous ambiguity, but have merely changed the wording to different, but still ambiguous, statements with the same disastrous effect as before---still supporting the notion that in-addr is required for security, that it is reasonable to block email based on 'dialup' in the name, or because there is no in-addr RR, etc (see section 4 of the current draft). This document has not achieved consensus for many years (7 years?) because no one agrees with (eg) Robert Story's views, and once it become clear the document endorses that view, it is sent back for revision. Perhaps you've forgotton some things: Re: I-D ACTION:draft-ietf-dnsop-inaddr-required-04.txt by Ed Lewis Fri, 4 Apr 2003 "I'd recommend only working on the document if the tone is of a report on the current state of affairs and not that of a mission statement to fix the ills of a broken reverse map. The former is useful and closure can be reached, the latter a rat hole without bottom." Seems Section 4 of the current draft are just such 'ills of a broken reverse map'. Of course, its not really "broken", it just doesn't conform to the 1:1 scheme that the anti-spammers want everyone to use and want the DNSOP WG to approve and encourage. I hope I've jogged your memory, and cleared up a few things. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www1.ietf.org/mailman/listinfo/dnsop