To: dnsop@cafax.se
From: Kevin Darcy <kcd@daimlerchrysler.com>
Date: Wed, 12 Sep 2001 22:01:42 -0400
Sender: owner-dnsop@cafax.se
Subject: Re: draft-ietf-dnsop-inaddr-required-02.txt

I oppose adoption/advancement of the draft. Not only are the security justifications null and void, I think they actually *detract* from the other justifications inasmuch as they promote/encourage bad security practices and/or risk creating a False Sense of Security. I have personal experience of this since many people here have in the past adopted use of the inherently-insecure "r-series" commands (rlogin, rsh, etc.) based partly on the fact that we provide consistent and reliable in-addr.arpa mappings in our internal DNS. Using IP addresses in the .rhosts files would have been more maintenance-intensive for these individuals and made this choice less palatable for them.

in-addr.arpa mappings are a *convenience*. Every organization should be free to decide for themselves whether the convenience of in-addr.arpa mappings is worth the time, effort and ultimately the cost of setting up and maintaining them. Mandating something that is not (or *should*not* be, see comments about security above) necessary for interoperability, and which many folks will just ignore anyway seems like a waste of time and effort and makes DNSOP look foolish or at least out of touch with reality.

- Kevin

Daniel Senie wrote:

> The minutes from the London meeting were just posted. I'd told the chair
> well in advance that I would not be at the meeting. My work and travel
> schedule often do not permit me to make all 3 IETF meetings in a given year.
>
> At the previous meeting the chair asked if there was interest in the draft,
> and there appeared strong support. I've received a LOT of comments and
> feedback on this draft, and there seems to be support. I am confused by the
> chair's comments, as reported by the scribe, that if there isn't strong
> support, the draft will be discarded.
>
> If the WG doesn't have any interest in this draft, I will resubmit it once
> again as an independent submission. It's not going to be "discarded" as
> such. I will continue to push this document with or without the WG.
>
> Whether the document's focus is the same as it originally was is arguable.
> At Minneapolis, there was strong support for having the document discourage
> the use of INADDR as a security mechanism, yet continue to push people to
> implement INADDR.
>
> I'd like to get a sense of whether the WG wants me to continue this
> document under the auspices of the group, or take it back to individual
> contribution status, where it started.