(continued from a separate thread, resending from a different address)
>>>>> On Mon, 23 Oct 2006 15:05:46 -0400,
>>>>> Andrew Sullivan <[EMAIL PROTECTED]> said:
> If you have other issues, please do raise them. I think we can have
> answers for all the above prior to IETF-67, but if there are other
> issues, I'd like to know about them.
I'm afraid this version of draft does not fully address one
fundamental issue. It first explains troubles in the use of reverse
mappings (Section 3), and then suddenly recommends maintaining the
mapping in Section 4.1. If I did not know the past controversy
regarding this document, I'd be confused here, and ask why this
document the deployment of the reverse mappings. I can think of
possible answers:
A. in order to support operators who heavily rely on reverse mappings
for authentication or other security purposes, even though we know
reverse mappings provide "no real security" (quoted from the
draft).
B. because reverse mappings can be a useful hint in some cases (e.g.,
in traceroute output)
In either case (including "the answer is something else"), I believe
this draft should clarify this 'why', and explain it at the beginning
of Section 4. Also, if the answer is B, I personally think we should
discourage such reliance more strongly.
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
[EMAIL PROTECTED]
.
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
