On 13 Mar 2018, at 11:22, Ted Lemon <mel...@fugue.com> wrote:

> On Mar 13, 2018, at 11:16 AM, Joe Abley <jab...@90.212.199.in-addr.arpa> wrote:
>
>> I think that if Tony can be d...@dotat.at, surely I can be
>> jab...@90.212.199.in-addr.arpa.
>>
>> A zone is a zone. ARPA is only special by convention, not by protocol.
>
> Yup.
>
> Thinking through the threat model here, when would this even work?

The canonical service that is difficult to use (or at least bootstrap) by name rather than address is the DNS. If we imagine the intersection of the DNS and TLS to be non-zero, there's your use case. This was Paul's point.

DNS resolvers are normally referred to by address. This does imply a need for address stability, and a lack of the kind of agility that is possible in other services. People who have renumbered popular resolvers whose failure has real end-user impact are nodding right now. And possibly checking their pockets for valium.

Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop