On Fri, 28 Feb 2003, Edward Warnicke wrote: > Could you be more specific about what security considerations > you see?
Mainly revealing information to anyone that isn't accessible to anyone except those in the local network at the moment. Dangerous. > In terms of operational resistance to use, I'd expect it to be about on > par with the use of rp and hinfo records. Organizations which find > utility in having those records populated use them, organizations that > don't see value don't use them. I've been in organizations which break > both ways on hinfo and rp records. If an organization finds value in > deploying this scheme, they will. It's a question of applications. HINFO and RP are *very* rarely used. They're just not useful (even dangerous) in the global Internet use. On th other hand, in a very restricted network with local domain-names, these (and some others, also) may be used. > On Fri, 28 Feb 2003, Pekka Savola wrote: > > > On Fri, 28 Feb 2003, Robert Elz wrote: > > [...] > > > Why would my nodes care what the network that contains some random IP > > > address might happen to be (or why would I ever care more than the > > > routing tables will tell me) ? > > > > Being able to do something like this would have quite a few security > > considerations, besides -- in addition to operational reluctance to take > > it to use. > > > > Finding your *own* info could be useful, but you really need most of that > > information before you can make the DNS query.. > > > > -- > > Pekka Savola "You each name yourselves king, yet the > > Netcore Oy kingdom bleeds." > > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings > > > > > > #---------------------------------------------------------------------- > # To unsubscribe, send a message to <[EMAIL PROTECTED]>. > -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings #---------------------------------------------------------------------- # To unsubscribe, send a message to <[EMAIL PROTECTED]>.
