

To: Urs Eppenberger <urs.eppenberger@switch.ch>
Cc: ietf-provreg@cafax.se
From: Patrick <patrick@gandi.net>
Date: Wed, 7 Feb 2001 11:24:11 +0100
Content-Disposition: inline
In-Reply-To: <2846336.981536253@pbue.switch.ch>; from urs.eppenberger@switch.ch on Wed, Feb 07, 2001 at 08:57:33AM +0100
Sender: owner-ietf-provreg@cafax.se
User-Agent: Mutt/1.2.5i
Subject: Re: draft-hollenbeck-grrp-reqs-06 [Was Re: Interim Meeting]

On Wed, Feb 07, 2001 at 08:57:33AM +0100, Urs Eppenberger took time to write:
> --On Montag, 5. Februar 2001 20:38 Uhr +0100 Patrick <patrick@gandi.net>
> wrote:
> 
> > Right... because you do not use ns1.foobar.com and ns2.foobar.com as
> > nameservers. In your case, someone just polluted the database.
> > As soon as your domain uses ns{1,2}.foobar.com, you are hijacked...
> > 
> > That is inconvenient, since when the true owner will want to register
> > them for its true use, the Registry might not allow him, since they
> > already exist (with bogus data). How do you control who can change
> > the IP ?
> 
> You can easily get around this hijack problem. Just use the host name as the
> object handle (or database key). Reverse lookup must work. In such a case
> you as holder of foobar.com have authority over *.foobar.com, generally you
> can walk over to that guy and knock him. So, if a 'wrong' owner registered
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ what does that mean ?
> a bogus hijack-nameserver, that wrong owner sits close. You most probably
> have administrative control in your company over such a situation and there
> is no need for the registry or for the protocol to ensure a correct
> behaviour inside third party organisations.

I'm sorry, maybe because I'm not English, but I do not understand
this.

The problem remains in my POV: if someone claims to ``own'' a
nameserver, how do you authenticate that claim?
You do a reverse lookup on the name, and obtain an IP. And then?
How do you know it is correct or not?

Sorry for asking, I just do not understand.
But it is true that the hostname can be the key. Still we need
attributes attached to it I think.

Patrick.
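
The rule proposed in the quoted reply (host name as the key, with the holder of foobar.com having authority over *.foobar.com) can be enforced by the registry as an ownership check on host objects. A minimal sketch, added here as an example and not part of the original message or of the draft under discussion; the class, holder ids and addresses are constructed, and rejecting hosts with no registered parent is an assumed policy:

```python
class HostRegistry:
    """Toy registry: host name is the key; authority comes from the parent domain."""

    def __init__(self, domains):
        self.domains = {d.lower(): s for d, s in domains.items()}  # domain -> holder
        self.hosts = {}  # host name -> list of IP addresses (the attached attributes)

    @staticmethod
    def _norm(name):
        # Keys are compared case-insensitively and without a trailing dot.
        return name.lower().rstrip(".")

    def parent_domain(self, host):
        """Return the registered domain the host sits under, or None."""
        labels = self._norm(host).split(".")
        for i in range(1, len(labels)):  # proper suffixes only, longest first
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return candidate
        return None

    def set_host(self, requester, host, ips):
        """Create or update a host object; only the parent's holder may do so."""
        host = self._norm(host)
        parent = self.parent_domain(host)
        if parent is None:
            # Assumed policy: the registry cannot vouch for hosts outside its zone.
            raise LookupError(f"{host}: no registered parent domain")
        if self.domains[parent] != requester:
            raise PermissionError(f"{requester} does not hold {parent}")
        self.hosts[host] = list(ips)
        return parent


# Constructed sample data: two domains with different holders.
registry = HostRegistry({"foobar.com": "holder-A", "example.org": "holder-B"})


def try_set(requester, host, ips):
    """Return 'ok:<parent>' on success, else the name of the refusal."""
    try:
        return "ok:" + registry.set_host(requester, host, ips)
    except (PermissionError, LookupError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    print(try_set("holder-B", "ns1.foobar.com", ["192.0.2.66"]))  # refused
    print(try_set("holder-A", "NS1.Foobar.COM.", ["192.0.2.1"]))  # accepted
```

The check ties the claim to control of the parent domain rather than to what a reverse lookup returns, so a third party cannot pre-register ns1.foobar.com with bogus data.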
