(continued from a separate thread, resending from a different address) >>>>> On Mon, 23 Oct 2006 15:05:46 -0400, >>>>> Andrew Sullivan <[EMAIL PROTECTED]> said:
> If you have other issues, please do raise them. I think we can have > answers for all the above prior to IETF-67, but if there are other > issues, I'd like to know about them. I'm afraid this version of draft does not fully address one fundamental issue. It first explains troubles in the use of reverse mappings (Section 3), and then suddenly recommends maintaining the mapping in Section 4.1. If I did not know the past controversy regarding this document, I'd be confused here, and ask why this document the deployment of the reverse mappings. I can think of possible answers: A. in order to support operators who heavily rely on reverse mappings for authentication or other security purposes, even though we know reverse mappings provide "no real security" (quoted from the draft). B. because reverse mappings can be a useful hint in some cases (e.g., in traceroute output) In either case (including "the answer is something else"), I believe this draft should clarify this 'why', and explain it at the beginning of Section 4. Also, if the answer is B, I personally think we should discourage such reliance more strongly. JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. [EMAIL PROTECTED] . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html