To:
Dean Anderson <dean@av8.com>
Cc:
Brad Knowles <brad.knowles@skynet.be>, Kevin Darcy <kcd@daimlerchrysler.com>, <dnsop@cafax.se>
From:
Brad Knowles <brad.knowles@skynet.be>
Date:
Sat, 22 Mar 2003 00:14:47 +0100
In-Reply-To:
<Pine.LNX.4.44.0303211551260.25586-100000@commander.av8.net>
Sender:
owner-dnsop@cafax.se
Subject:
Re: [RETRANSMIT] Re: Radical Surgery proposal: stopdoingreverse for IPv6.
At 3:59 PM -0500 2003/03/21, Dean Anderson wrote: > Non-wacko's (Ok, from now on I'll use another word) know that > Reverse is a convenience only. Fine. If it's only a convenience, please disable all your applications which may potentially make any use whatsoever of reverse DNS, and don't come back to us until you have done so. This includes traceroute. > If it didn't exist, only the convenience of > seeing a name on a traceroute is lost. Others have already demonstrated what important uses that reverse DNS is being put to. Instead of being a broken record, why don't you try to address those issues? > Essentially, you are exemplary of the reason is should be deprecated: > People who share your beliefs about reverse put too much trust in it, they > _depend_ on it in some way, and that is bad enough that we need to get rid > of it. I put absolutely no trust in reverse DNS. However, I believe that people should have the right to expect that reverse DNS will mostly work, especially in cases where they control both ends of certain transactions, and where the applications are intelligent enough to do a full forward-reverse-forward check to ensure that they aren't being spoofed. I may disagree with their choice of methods, but until you can come up with real arguments as to why reverse DNS should be abolished, I will defend to the death their right to choose to do so. > Its just like 3-wheeled ATV's (banned in the US)--They handle like > snowmobiles, and really aren't much more dangerous, but some people put > too much faith in the concept that if you turn the wheel (without > leaning), the vehicle should still turn and not roll over. Because of > that, the many people who can safely operate the 3wheelers are denied, for > the safety of those who can't. I am familiar with 3-wheeled ATVs. A cousin of mine was a "world of outlaws" sprint car driver/mechanic, Chief Mechanic for Sammy Swindell (including the brief time he spent trying to break into NASCAR), and now has his own business building race cars (or parts thereof). Both he and his brother are frequently involved in off-road activities. They were (safely) riding 3-wheeled ATVs before they could legally drive, probably before they were teenagers. Reverse DNS is not a three-wheeled ATV. It has important real-world uses, and does not begin to pose the kinds of dangers that you imply. If you can stop being a broken record and actually come up with serious arguments as to why the applications that have already been mentioned are not valid, and why reverse DNS is such a heinous crime to commit, you might have a chance of convincing me, and others. Until then, everything you've said is nothing but a pointless repetition of the same old vacuous claims, and you're not going to get very far. -- Brad Knowles, <brad.knowles@skynet.be> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.