To:
JINMEI Tatuya / $B?@L@C#:H(B
<jinmei@isl.rdc.toshiba.co.jp>
cc:
Måns Nilsson <mansaxel@sunet.se>, <dnsop@cafax.se>
From:
Dean Anderson <dean@av8.com>
Date:
Wed, 26 Mar 2003 11:42:35 -0500 (EST)
In-Reply-To:
<y7visu6sp7f.wl@ocean.jinmei.org>
Sender:
owner-dnsop@cafax.se
Subject:
Re: Radical Surgery proposal: stop doing reverse for IPv6.
Yes, I agree with this. Both of the methods you have listed replace the convenience of having reverse. --Dean On Wed, 26 Mar 2003, JINMEI Tatuya / [ISO-2022-JP] $B?@L@C#:H(B wrote: > >>>>> On Sun, 23 Mar 2003 23:57:43 +0100, > >>>>> Måns Nilsson <mansaxel@sunet.se> said: > > >> So the question is if security benefits provided by reverse lookups > >> outweighs the disadvantages. > > > Security usage of reverse is so absurd (given that DNNSEC will not help if > > someone tries to put another domain as RDATA in PTR records) that it is > > irrelevant. > > Can we all really agree on this point? I know many people in this > thread (regardless of their position about reverse mapping) said a > similar point, but I still see those who believe in the "security > benefit" of reverse mapping. > > If I'm wrong, then I'll be happy, and we can consider various > approaches for the "convenience" purposes which may coexist each > other. Such approaches will include: > > - wildcard reverse mapping for some upper zone > - ICMPv6 node information queries > > JINMEI, Tatuya > Communication Platform Lab. > Corporate R&D Center, Toshiba Corp. > jinmei@isl.rdc.toshiba.co.jp > > #---------------------------------------------------------------------- > # To unsubscribe, send a message to <dnsop-request@cafax.se>. > #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.