On Oct 23, 2011, at 2:39 AM, Matthew Pounsett wrote:
> I think we need to accept that this practice is here to stay, and figure out how to deal with it on those terms.

There is no secure way to do search lists in a MIF environment. Or, really, even in a SIF environment. So saying "we just have to deal with it," while it may seem pragmatic, is really just avoiding the issue: it won't go away just because we ignore it.

Remember: it used to be the case that people would authenticate rsh traffic using the source IP address, and this persisted long after it was clear that it was untenable. But the practice has been largely eliminated at this point. So it's not the case that just because some practice is "crucial," it will inevitably persist forever.

The way search lists ought to be handled in a UI is to come up with a list of all the names that match the term the user has typed, and offer the user the opportunity to select which of those names to choose. But that's a UI hack, so essentially out of scope. Also, in order to do this in a MIF environment, you have to try resolving the name on both interfaces, which some people think is not acceptable.
