

To: JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>
Cc: Rob Austein <sra+dnsop@hactrn.net>, dnsop@cafax.se
From: Brad Knowles <brad.knowles@skynet.be>
Date: Fri, 4 Apr 2003 09:57:49 +0200
In-Reply-To: <y7vd6k2zxo4.wl@ocean.jinmei.org>
Sender: owner-dnsop@cafax.se
Subject: Re: I-D ACTION:draft-ietf-dnsop-inaddr-required-04.txt

At 1:36 PM +0900 2003/04/04, JINMEI Tatuya / 神明達哉 wrote:

>>  - Mxxs, who liked the draft and suggested adding text discussing IPv6;
>
>  ('xx' seemed to be non-ascii characters)

	I believe it was "Mans", where the "a" character had a circle 
above it.  I'm not sure what this character is called.

>  First, I'd like to confirm if my understanding above is correct.  The
>  draft basically just says:
>
>     Applications SHOULD NOT rely on IN-ADDR for proper operation.

	Correct.

>  But it is not very clear what the "proper operation" means.

	"Proper operation" should also include any security-related functions.

>                                                               I picked
>  up the examples of the discouraged usage from Section 3 based on my
>  understanding of the draft.  If I read it correctly, however, then I'd
>  wonder why people who seemed to want to rely on such a usage
>  (e.g. rejecting ftp connections) are supporting the draft.

	It's a matter of what is done by the programmer (assuming some 
sort of "proper operation" based on rDNS), versus what may be done by 
the administrator/operator (choosing to configure their machines in a 
particular way so as to require correct rDNS before they allow you to 
proceed).

	We want to discourage programmers from depending on something 
like this, while allowing owners/operators/administrators to choose 
to configure their machines in whatever way they feel is appropriate.


	This also means that software & OS vendors should not install 
their software in such a fashion that it depends on rDNS for "proper 
operation", as a default.  Most users will simply take whatever 
default they are given, without understanding the underlying 
assumptions that might not be appropriate for their situation.


	So, if someone wants to configure their machine to require 
correct rDNS before they will allow you to proceed, they should be 
able to do that.

	However, they shouldn't be forced to do that by the programmers 
who wrote the software, nor should the software be configured so as 
to do that by default.

-- 
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
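
Added example, not part of the original message and not code from the draft or any project discussed in it: a connection check in which the rDNS requirement is an operator setting that is off by default. The names `AccessPolicy` and `check_client` are hypothetical, and "correct rDNS" is assumed here to mean that a PTR name resolves back to the client's address; the zone data is constructed so the check runs offline.

```python
import socket
from dataclasses import dataclass

@dataclass
class AccessPolicy:
    # Off by default: the shipped software does not depend on rDNS.
    # An operator may turn it on for their own machines.
    require_rdns: bool = False

def system_ptr(ip):
    """PTR names for ip from the system resolver, or [] if there are none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:          # herror/gaierror: no PTR record or lookup failure
        return []

def system_addrs(name):
    """Addresses that name resolves to, or an empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_client(ip, policy, ptr=system_ptr, addrs=system_addrs):
    """Return (allowed, reason) for a client address under the given policy."""
    if not policy.require_rdns:
        return True, "rDNS not consulted"
    names = ptr(ip)
    if not names:
        return False, "no PTR record"
    for name in names:
        # Plain string comparison; assumes both sides use the same text form.
        if ip in addrs(name):
            return True, f"forward-confirmed as {name}"
    return False, "PTR name does not resolve back to client address"

# Constructed sample zone data (documentation address ranges), for offline runs.
SAMPLE_PTR = {"192.0.2.10": ["host.example.net"],
              "192.0.2.20": ["other.example.net"]}
SAMPLE_A = {"host.example.net": {"192.0.2.10"},
            "other.example.net": {"198.51.100.7"}}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_addrs(name):
    return SAMPLE_A.get(name, set())
```

With the default policy a client without any PTR record is still served; the same client is refused only once the operator sets `require_rdns=True`.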