

To: Kevin Darcy <kcd@daimlerchrysler.com>
Cc: dnsop@cafax.se
From: Brad Knowles <brad.knowles@skynet.be>
Date: Fri, 11 Apr 2003 02:53:46 +0200
In-Reply-To: <3E95EC6D.FED5CAA9@daimlerchrysler.com>
Sender: owner-dnsop@cafax.se
Subject: Re: I-D ACTION:draft-ietf-dnsop-inaddr-required-04.txt

At 6:13 PM -0400 2003/04/10, Kevin Darcy wrote:

>  The draft is a bad draft.

	Then propose something better.  Or at least propose improvements 
to what's there.

>  But, more fundamentally, the draft basically comes off as saying "it's
>  a bad idea to rely on X, but you have to (or _should_, see my above
>  comment about pseudo-normative language) do X anyway", where X is, of
>  course, "maintain reverse records". What's the point of this? Either
>  it's a bad idea to use reverse records, for security/auditing/logging
>  purposes, or it is not. If it's a bad idea, we shouldn't be recommending
>  that the practice be continued. If it's *not* a bad idea, then it should
>  be explained not only why it's a good idea, but specifically how the
>  benefits outweigh the costs (false positives, etc.) of doing it.

	As said before, it's a bad idea to depend on rDNS as the sole 
source of information as to what is good or bad, but it remains a 
useful tool to help provide additional data when making decisions.

	Therefore, rDNS SHOULD be maintained for both IPv4 and IPv6 
(either manually or using some sort of automated tools).

	What I believe that we are trying to discourage is the 
programmers who decide to depend on rDNS as the sole arbiter of all 
goodness.  This is the bad behaviour that should be eliminated.

-- 
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
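
Added example, not part of the message above or of the draft: a sketch contrasting a check that lets rDNS alone decide with one that treats the rDNS result as one input beside other evidence. The lookup tables, the forward-confirmation step, the score weights and all function names are assumptions constructed for illustration.

```python
# Added illustration. Every name, weight and address here is hypothetical.
from typing import Callable, Dict, List, Optional

# Constructed offline stand-ins for DNS data (documentation address ranges).
PTR: Dict[str, str] = {
    "192.0.2.10": "mail.example.org",
    "198.51.100.7": "host7.example.net",
}
A: Dict[str, List[str]] = {
    "mail.example.org": ["192.0.2.10"],
    "host7.example.net": ["203.0.113.99"],  # forward record points elsewhere
}

PtrLookup = Callable[[str], Optional[str]]
ALookup = Callable[[str], List[str]]


def rdns_signal(ip: str, ptr: PtrLookup = PTR.get,
                fwd: ALookup = lambda n: A.get(n, [])) -> str:
    """Classify the reverse record as 'confirmed', 'mismatch' or 'missing'."""
    name = ptr(ip)
    if name is None:
        return "missing"
    # Assumed check: the PTR name must resolve back to the same address.
    return "confirmed" if ip in fwd(name) else "mismatch"


def sole_arbiter(ip: str) -> str:
    """The pattern the message discourages: rDNS alone decides."""
    return "accept" if rdns_signal(ip) == "confirmed" else "reject"


def combined(ip: str, other_evidence: int) -> str:
    """rDNS only nudges a score that other checks mostly determine.

    other_evidence is a hypothetical score from unrelated checks
    (positive means favourable).
    """
    nudge = {"confirmed": 1, "missing": 0, "mismatch": -1}[rdns_signal(ip)]
    return "accept" if other_evidence + nudge > 0 else "reject"


if __name__ == "__main__":
    for ip, ev in [("203.0.113.5", 2), ("192.0.2.10", -3), ("198.51.100.7", 1)]:
        print(ip, rdns_signal(ip), sole_arbiter(ip), combined(ip, ev))
```

A host with no PTR record but otherwise favourable evidence is rejected by `sole_arbiter` and accepted by `combined`, while a host with a confirmed reverse record and unfavourable evidence is treated the other way round.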