Our AD (and others) have asked if we could review draft-malamud-keyword-discovery-03.txt. If you have the time, a critical review would be much appreciated.
Brief update. The IESG would like our feedback on this document within a 2 weeks, if possible (say by around 15 Apr 2005).
In trying to get the folks to take a peek and to get the comments started, here's my opinion (already expressed in another forum):
This seems like an interesting approach, but I do not think the implications of this have been sufficiently reviewed, especially by the DNSOPs community. Maybe this would also warrant a bit more discussion in the "anti-spam" communitities (whichever those are).
....
The document seems to assume that the users are able to insert properly formatted and correct solicitation keywords in the message, which can be sanely parsed by a computer.
Effectively, this allows anyone to perform a DoS on someone else's resources (assuming specifying something like net.example.adv would result in everyone going and taking a look at "adv" policy at example.net -- thus flooding example.net).
A maliscious advertiser could also insert improperly formatted keywords, or insert 100 such keywords which will time out, consuming even more processing than receiving the message would have done.
Improperly formatted entries like 'No-Solicit: dont-spam-me-plaase' also cause the root servers to be bombarded with bogus DNS queries. Maybe the parser needs to discard some more bogus entries, but how to do that properly is an open issue.
This should probably be discussed in the draft, and security issues fleshed out in Security Considerations.
-- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
