Hello Dean,

On Fri, Jun 01, 2007 at 12:07:48AM -0400, Dean Anderson wrote:
> On Thu, 31 May 2007, Andrew Sullivan wrote:
> >
> > The popular TCP Wrapper package was originally conceived to discover
> > the network location of an attacker [Venema1992].
>
> No. Early TCP wrappers just provided logs of activity, and then later to
> provide access control.

You may have overlooked the sentence in the paper that says, "I decided, however, that it would be more productive to maintain the service and to find out where the finger requests were coming from." (p1) In any case, the distinction between "discover the network location of an attacker" and "provide logs of activity" seems to me to be mostly one of a matter of narrative abstraction. Given that this is intended to be a quick narrative history, I think the "intentional" level of abstraction is the right one, so I will leave this alone unless I hear support from the Working Group for your alternative gloss.

> The TCP wrapper program did not succeed at stopping nameserver spoofing,
> nor could it.

I don't believe anyone claimed it did; and if you have evidence that the proposed text says it did, I would surely like to correct it.

> know that. This is the origin of the reverse DNS "security" myth.

What you regard as a myth others regard as a useful clue. That's the nice thing about the Internet: we can all use the information we get out at the edges to do the things appropriate to our judgement and conditions. The caveat is that this requires smart, well-informed operators who can agree to disagree about one another's practices, so long as none of the practices are harmful.

A

--
Andrew Sullivan                         204-4141 Yonge Street
Afilias Canada                        Toronto, Ontario Canada
<[EMAIL PROTECTED]>                              M2P 2A8
jabber: [EMAIL PROTECTED]                 +1 416 646 3304 x4110