On Friday, April 29, 2016 9:56 AM, John Levine wrote:
>
> >So, ISPs not doing reverse DNS for IPv6, like my current ISP, are
> >making it impossible to use your own mail server to deliver mail over
> >IPv6. I think they are doing a serious disservice to the open internet.
>
> Aw, c'mon. This argument was over a decade ago.
>
> If your ISP is like most other ISPs, retail connections have port 25 blocked, the
> IP ranges are listed in the MAPS DUL and Spamhaus PBL, and the IPv4
> addresses have rDNS with names that say don't connect to me. (The patterns
> that Richard derides work surprisingly well in
> practice.) The reason, as we all know, is that about 99% of mail from retail
> connections is botnet spam, and it's sheer self-defense. You don't have to like
> it, but it's not going to change, and it's a waste of time to argue about it.
John is correct there. This draft appears to solve a marginal problem while creating huge privacy issues. In fact, I could not find any privacy consideration in the text, while provisions such as placing a user name and location in a PTR record are really privacy hostile. I think the authors should seriously look at the privacy issues and rewrite the draft before it progresses any further.

If the use case is "allow a mail server from home," then the solution has to involve some serious configuration, e.g. asking the ISP to remove the port 25 filter for that IPv6 address. Entering a PTR would be part of the same provisioning process. So that use case cannot be a reason to require entering a PTR record for every IPv6 address.

The stated requirement in the draft is the presumed best practice that "Every Internet-reachable host should have a name" [RFC1912], and "PTR's should use official names and not aliases". As many have already observed, this supposed best practice is ancient, i.e. "Before Snowden." It should really be declared obsolete, given recent work on privacy. Check for example the discussion of privacy threats in RFC 7624, the INTAREA draft on "Current Hostname Practice Considered Harmful" (https://datatracker.ietf.org/doc/draft-ietf-intarea-hostname-practice/), or the recently concluded work on DHCP anonymity (https://datatracker.ietf.org/doc/draft-ietf-dhc-anonymity-profile/), which includes provisions to obfuscate or eliminate host names in DHCP requests when privacy is requested.

The draft appears to recommend that PTRs include host names of the form "254.user.town.AW.example.com," which are quite problematic from a privacy point of view. The short summary is that the proposed PTR would be a "super cookie." Consider that some ISPs periodically change the IPv4 addresses or IPv6 subnets allocated to customers, in order to help protect the users' privacy. Following the recommendation of this draft, the ISP should immediately enter a PTR linking the new address to the user identity and location. That is silly!

-- Christian Huitema

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop