I think the weak semantic definition of this record makes it either not useful, or actively dangerous, depending on how the consumer of a record chooses to interpret it.
As I mentioned at the mic in dnsop, it looks to me like the core motivation of all of the described use cases is actually based around sending signals to anti-abuse researchers. If that is the case, then I think that should be clear. If those other use cases have other potential motivations for deploying the record, then those should be more clearly articulated. With the weak semantics, I have concerns about how absent or unidirectional mappings might be interpreted by researchers, where ignorance of the existence of the record might injure the operations of a domain, or where an attacker might gain advantage by associating themselves with a visually similar domain with which they are not actually associated. I think this needs to be thought about in a lot more detail, and at least have the risks fleshed out in the draft. Depending on the outcome of those discussions I may prefer to see stronger semantics before supporting the draft, or to see it abandoned entirely.
