Hello,

Last December, I committed to review
draft-ietf-dnsop-inaddr-required.  My apologies for being late with
this.

I have read draft-ietf-dnsop-inaddr-required-07.txt.  I have also
reviewed the archives about the history of this document.  I have
some reservations, although not ones I think are significant.  It
appears to me that there is something slightly confusing to users
about the draft.

The discussion in section 3 notes that there are a number of
unfortunate consequences of missing IN-ADDR.  It seems to me
therefore that the recommendations in section 4 come out as a little
too ambivalent: the suggestion appears to be that IN-ADDR is a good
thing, but that people shouldn't really use it.  In particular, one
reading of section 4.2 very nearly says, "You can't, and shouldn't,
use IN-ADDR."  If, however, I'm reading this right, the idea is more
strongly expressed as, "Applications SHOULD NOT rely [exclusively] on
IN-ADDR for proper operation".  I'd also like to see softened the
part that says, "generally just increases load on DNS servers," to
"often" or even "almost always just increases load on DNS servers."

The reason I think this is that there are some cases where IN-ADDR,
particularly coupled with the lookup from the PTR, is still a good
basis on which to take a decision.  Email remains, I suspect, the
best example, because of the hordes of spambot nets.  If one's
bandwidth is being completely consumed by illegitimate email
attempts, then choosing to reject connections on what would otherwise
be an illegitimate basis might be defensible in that case.

The other trouble I see is that the document appears to suggest that
the IN-ADDR strategy is a bad way to apply "points" when
automatically evaluating mail as possibly spam.  I'm aware that there
are a lot of other methods for handling this, and that it is a rare
case when the strategy will actually help.  But some pointers to
those other methods would probably be needed if one is going to
convince people not to continue to rely on this method.  

Best regards,
Andrew

-- 
----
Andrew Sullivan                         204-4141 Yonge Street
Afilias Canada                        Toronto, Ontario Canada
<[EMAIL PROTECTED]>                              M2P 2A8
                                        +1 416 646 3304 x4110
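
The reverse-then-forward check mentioned in the message above (a PTR lookup under IN-ADDR, then an address lookup on the returned name), used as one scoring input rather than as the sole basis for rejecting a connection. This is an added example, not part of the original message or of the draft; the zone data is constructed, and the function names and point weights are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, example names).
PTR = {
    "10.2.0.192.in-addr.arpa": ["mail.example.org."],
    "20.2.0.192.in-addr.arpa": ["host20.example.net."],
}
ADDR = {
    "mail.example.org": ["192.0.2.10"],
    "host20.example.net": ["198.51.100.7"],  # forward lookup does not match
}

def sample_ptr(qname):
    """Stand-in for a PTR query; returns [] when no record exists."""
    return PTR.get(qname, [])

def sample_addr(name):
    """Stand-in for an A/AAAA query on the name a PTR returned."""
    return ADDR.get(name, [])

def reverse_name(ip):
    """Name queried for the PTR record, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def check_reverse(ip, lookup_ptr, lookup_addr):
    """Classify a client address as 'confirmed', 'mismatch' or 'missing'."""
    client = ipaddress.ip_address(ip)
    names = lookup_ptr(reverse_name(ip))
    if not names:
        return "missing"
    for name in names:
        for addr in lookup_addr(name.rstrip(".").lower()):
            if ipaddress.ip_address(addr) == client:
                return "confirmed"
    return "mismatch"

# Assumed weights: the reverse-DNS result only adds points to a total
# that other checks also feed, so it is never the exclusive signal.
POINTS = {"confirmed": 0.0, "mismatch": 1.5, "missing": 1.0}

def spam_score(ip, other_points, lookup_ptr=sample_ptr, lookup_addr=sample_addr):
    """Return (reverse-DNS status, total score including other checks)."""
    status = check_reverse(ip, lookup_ptr, lookup_addr)
    return status, other_points + POINTS[status]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, spam_score(ip, 2.0))
```

Passing real resolver functions in place of sample_ptr and sample_addr keeps the classification logic unchanged.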
