To:
Rob Austein <sra+dnsop@hactrn.net>
Cc:
dnsop@cafax.se
From:
JINMEI Tatuya / $B?@L@C#:H(B
<jinmei@isl.rdc.toshiba.co.jp>
Date:
Fri, 04 Apr 2003 13:36:27 +0900
In-Reply-To:
<20030402223212.5111218E1@thrintun.hactrn.net>
Sender:
owner-dnsop@cafax.se
User-Agent:
Wanderlust/2.10.0 (Venus) Emacs/21.2 Mule/5.0 (SAKAKI)
Subject:
Re: I-D ACTION:draft-ietf-dnsop-inaddr-required-04.txt
>>>>> On Wed, 02 Apr 2003 17:32:12 -0500, >>>>> Rob Austein <sra+dnsop@hactrn.net> said: > So far we've heard from: > - Ray, who pointed out some RIR-related (specifically, ARIN-related) > text that needs some work; > - Mxxs, who liked the draft and suggested adding text discussing IPv6; ('xx' seemed to be non-ascii characters) > - Dean, who says that we should not be working on this draft. > Does anybody -else- have comments on this draft? In particular: does > anybody who has not yet spoken on this have an opinion on whether the > WG should be working on this? Though I've mentioned this draft in a separate thread, I think I can present my opinion since I'm not listed above. I believe the wg should work on this, and I basically support the intention of the draft. The draft, however, will need several clarifications. As already pointed out, the title (and the filename) does not reflect the content well and will thus need to be revised. Abstract and introduction may also need a revise from this point of view. Secondly, if I don't misunderstand the intention, the draft says two things: 1. we need to try to build correct reverse mapping as much as possible. 2. applications should not rely on reverse mapping for several purposes as they currently do. The discouraged purposes include: - rejecting ftp/telnet connections just due to the lack of reverse mapping or failure of reverse-forward-reverse match. - filtering rule in TCP wrappers due to the lack of reverse mapping - regarding e-mail messages as spam if the sender address does not have a reverse mapping I don't much care about bullet 1, but I think bullet 2 needs some clarification. First, I'd like to confirm if my understanding above is correct. The draft basically just says: Applications SHOULD NOT rely on IN-ADDR for proper operation. But it is not very clear what the "proper operation" means. I picked up the examples of the discouraged usage from Section 3 based on my understanding of the draft. If I read it correctly, however, then I'd wonder why people who seemed to want rely on such a usage (e.g. rejecting ftp connections) are supporting the draft. Also, I'm not sure if all the examples in Section 3 are discouraged based on the intention of the draft, which include: - (to try) logging the result of reverse lookup of a web client in a web server - reverse lookup in traceroute Finally, Section 4 needs to be clearer. The draft says The use of IN-ADDR, sometimes in conjunction with a lookup of the name resulting from the PTR record provides no real security, ... ^^^^^^^^^^^^^^^^ but, as already pointed out in this list, "security" is a broad term. I believe the draft should be clear on what kind of "security" it is talking about. In summary, I'd like the draft - to clarify the first paragraph of Section 4, and - to add a concrete list of discouraged usage in Section 4 JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. jinmei@isl.rdc.toshiba.co.jp #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.