

To: dnsop@cafax.se
From: Daniel Senie <dts@senie.com>
Date: Wed, 26 Mar 2003 15:51:28 -0500
In-Reply-To: <693620000.1048698209@localhost>
Sender: owner-dnsop@cafax.se
Subject: Re: Radical Surgery proposal: stop doing reverse for IPv6.

At 12:03 PM 3/26/2003, Måns Nilsson wrote:



>--On Wednesday, March 26, 2003 13:53:56 +0900 "JINMEI Tatuya /
>神明達哉" <jinmei@isl.rdc.toshiba.co.jp>
>wrote:
>
> >> Security usage of reverse ...
> >
> > Can we all really agree on this point?  I know many people in this
> > thread (regardless of their position about reverse mapping) said a
> > similar point, but I still see those who believe in the "security
> > benefit" of reverse mapping.
>
>I think people confuse "security" with "order". For instance, several IRC
>servers only let people in if forward and reverse match. This is just a
>simple test, just to see if the client in some fuzzy way comes from "the
>right side of the tracks". It does echo of "security", but it is really
>just a matter of "order". The same goes for ftp servers.

Order, as in: their broadband provider has a clue? Let's face it, there are 
lots of folks who don't have control over this. So if you claim this check 
isn't being done for security reasons, then it merely smacks of elitism.

I am glad there's so much discussion of INADDR. I was unable to get much 
discussion of it in the last few years in working on 
draft-ietf-dnsop-inaddr-required-xx with the intention of publishing as a 
BCP indicating best practices in this area. I'll revive this, either as an 
individual submission or WG item, if folks will actually provide 
constructive input.

Dan 
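
The forward-and-reverse match test mentioned in the quoted text, as an added example that is not part of the original message: it separates "no PTR record at all" from "PTR present but the forward lookup disagrees", the two cases the thread argues about. The function names, the `PTR`/`AAAA` tables and the 2001:db8:: addresses are constructed for illustration.

```python
import ipaddress
import socket

def system_reverse(addr):
    """PTR lookup through the system resolver; empty list when none exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(str(addr))
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA lookup through the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Return ('match', name), ('mismatch', None) or ('no-ptr', None)."""
    addr = ipaddress.ip_address(ip)
    names = reverse(addr)
    if not names:
        return "no-ptr", None          # operator never populated the reverse zone
    for name in names:
        for candidate in forward(name):
            try:
                # Compare parsed addresses, not strings: IPv6 has many spellings.
                if ipaddress.ip_address(candidate) == addr:
                    return "match", name
            except ValueError:
                continue               # e.g. scoped address such as fe80::1%eth0
    return "mismatch", None            # PTR exists but does not confirm forward

# Constructed sample zone data (documentation prefix 2001:db8::/32).
PTR = {
    "2001:db8::10": ["irc-client.example.net."],
    "2001:db8::20": ["www.example.org."],   # PTR naming a host it does not own
}
AAAA = {
    "irc-client.example.net.": ["2001:db8:0:0:0:0:0:10"],
    "www.example.org.": ["2001:db8::99"],
}

def check_sample(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return fcrdns(ip, reverse=lambda a: PTR.get(str(a), []),
                  forward=lambda n: AAAA.get(n, []))

if __name__ == "__main__":
    for ip in ("2001:db8::10", "2001:db8::20", "2001:db8::30"):
        print(ip, check_sample(ip))
```

A "match" only shows that whoever controls the reverse zone and whoever controls the forward zone agree on a name; "no-ptr" says nothing about the client beyond how its provider runs DNS.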

