-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <5453adcd.7090...@redbarn.org>, Paul Vixie <p...@redbarn.org>
writes

>and yet, every proposal i've seen concerning IPv6 PTR screams silently,
>"PTR is an old-internet concept which no longer applies." it's as if we
>were trying to placate a bunch of apps that didn't understand classless
>inter-domain routing (CIDR) with its variable length prefixes, and
>rather than fix the apps, we're synthesizing acceptable metadata for
>them, at great complexity cost, and zero information benefit.

I entirely agree ... the fact that reverse DNS works as a heuristic (and
not an especially key heuristic) for IPv4 is not a reason for the
considerable effort required to try and make it work as an equally
flawed heuristic on IPv6.

Beside the cost of creating the data and fetching it, there's the cost
of caching it when people change the IP for every email sending attempt.

What recipients really wish to know when they receive a connection is
how much address space is controlled by the connecting entity so that a
consistent reputation can be applied to all connections from that space.

Whether they construct that reputation themselves or acquire it from a
broker is not relevant -- they want to apply it to all addresses that a
sender controls.

We approximate this in IPv4 by using /32s (since few people control more
than a /24 -- so we get within a factor of 250 -- and there are not all
that many /18s and above ... so we can manually inspect the traffic from
each one on its merits, and yes there's a gap there).

We just can't use the same approximations for IPv6, but the reverse DNS
system is one place where we could store attestations about delegation
of address space ...

... if we don't build such a system where this information can be stored
for anyone to access for free then we're all going to end up paying
another set of brokers for the data needed to provide the granularity
measures our reputation systems must use.

- -- 
Dr Richard Clayton                         <richard.clay...@cl.cam.ac.uk>
                                  tel: 01223 763570, mobile: 07887 794090
                    Computer Laboratory, University of Cambridge, CB3 0FD

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBVFPLKuINNVchEYfiEQIjbgCbBQSyfmInlRaW8X497OyNAKytMGIAn1Js
63oOrwA48IfcFtAuTBpwupMV
=awU9
-----END PGP SIGNATURE-----

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
