To: Edward Warnicke <eaw@cisco.com>
Cc: Brad Knowles <brad.knowles@skynet.be>, Peter Koch <pk@TechFak.Uni-Bielefeld.DE>, DNSOP WG <dnsop@cafax.se>
From: Brad Knowles <brad.knowles@skynet.be>
Date: Tue, 8 Jul 2003 18:32:58 +0300
In-Reply-To: <Pine.GSO.4.53.0307080811320.16103@eaw-u5.cisco.com>
Sender: owner-dnsop@cafax.se
Subject: Re: draft-warnicke-network-dns-resolution-02.txt
At 8:51 AM -0400 2003/07/08, Edward Warnicke wrote:
> I seem to have miscommunicated. I am in no way suggesting that a router
> provide arbitrary "lawful intercept" services for some unknown
> party in some other country. Please see
> http://www.ietf.org/internet-drafts/draft-baker-slem-architecture-01.txt
Okay, fair enough. But if you want to get wide availability of
this feature, you have to give people a reason to actively want to
provide this information.
Since many sites may not have fully secured their routers, if
they identify the first hop router for each netblock they own, then
there is the risk that people will make a stronger and more concerted
attack on that router, perhaps trying to subvert or abuse features
that may have been included and turned on by default.
IMO, this is like revisiting the whole WKS idea all over again.
In the early days of the Internet, that was good. But in the modern
days where publishing any additional information about your system
may result in an increased security exposure, I just can't see
something like this being broadly useful or widely adopted.
Moreover, I see this opening up whole new cans of worms that I don't
think we want to even think about.
--
Brad Knowles, <brad.knowles@skynet.be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.