Re: Services and top-level DNS names (was: Re: Update of RFC 2606 based on the recent ICANN changes ?)

Fri, 04 Jul 2008 15:35:09 -0700 

> So the "problem" isn't whether some string not listed in 2606
> can be allocated, it is how it is used after it is allocated.
> And _that_ situation has a lot more to do about "buyer beware"
> and understanding of conflicting expectations about use than it
> does about ownership. 
> 
>     john

        I really wish it was *just* "buyer beware".  If http://museum/
        only works for some clients and not other then there really
        isn't a problem.  By "works" here I mean connects to
        83.145.59.103 or nowhere.

        The problem is that it isn't just "buyer beware".  If the
        buyer adds any records are looked up by search mechanisms
        as a part on normal application activity, A, AAAA and MX
        are simple examples, then *ALL* the users of the Internet
        need to be aware that they are there.

        This is a security problem, not a buyer beware problem.

        This is a namespace clash and namespace clashes are bad for
        many reasons.

        Now as far as I can see there are two solutions which attack
        the problem from different ends.

        1. ban the adding of any records which meet the above criteria.
        2. rewrite resolvers to not lookup single labels against the
           root.

        Note banning would have to be described is a manner that
        didn't preclude the negative advertisement of a service.
        It would also have to be writen to exclude records that a
        looked up with a prefix added.

        Also what is the penalty for adding banned records?

        Mark
        

; <<>> DiG 9.3.4-P1 <<>> museum
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61108
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0

;; QUESTION SECTION:
;museum.                                IN      A

;; ANSWER SECTION:
museum.                 86034   IN      A       83.145.59.103

;; AUTHORITY SECTION:
museum.                 22099   IN      NS      ns-ext.vix.com.
museum.                 22099   IN      NS      ns1.getty.edu.
museum.                 22099   IN      NS      nic.icom.org.
museum.                 22099   IN      NS      ns.icann.org.
museum.                 22099   IN      NS      nic.museum.

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jul  5 08:22:30 2008
;; MSG SIZE  rcvd: 162

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [EMAIL PROTECTED]
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Reply via email to