At 1:46 PM -0500 2003/03/21, Kevin Darcy wrote:

 I was referring specifically to the use of reverse DNS as a
 pseudo-authentication mechanism.

That is just one of many uses of the DNS, albeit not one of its best.


                                  Kick out that crutch, and the
 folks who were using it will gravitate towards legitimate,
 crypto-based authentication mechanisms (which hopefully should
 be independent of the underlying -- IPv4 versus IPv6 --
 protocol suites). Carry end-node reverse DNS forward into the
 IPv6 world, and you'll *never* get rid of the bogus
 authentication mechanisms...

Okay, so we're going to break the DNS because one particular mis-application causes security issues elsewhere, such as with new protocol standards like IPv6.


Do we break the DNS every single time some whacko comes up with a bizarre idea to abuse the DNS in yet another way to inappropriately solve some other problem?!?


Seems to me that we could instead require that IPv6 be fixed to require crypto-enabled authentication, instead of breaking the DNS.


--
Brad Knowles, <[EMAIL PROTECTED]>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)