On Wed, 26 Jun 2002, Alain Durand wrote: > On Wednesday, June 26, 2002, at 11:38 AM, Thomas Narten wrote: > > > The IESG has reviewed this document and has a number of concerns. > > > > > > The IESG believes that the name space as provided by the DNS should > > not be mixed or "contaminated" with name resolutions performed using > > the ICMP mechanism. Doing so raises complex security and trust issues > > that have not been explored. > > > > The document should make it clear that name lookups using the icmp > > mechanism described in this document are never to be mixed with DNS > > name lookups. That is, no queries made to the DNS (or implicitely > > assumed to be going to the DNS) should get back responses that have > > been learned through the ICMP name lookup mechanism. > > I do not understand this comment. > Vendors have long learned how to integrate different name services: > DNS, NIS, NIS+, LDAP, Flat files....
These services have some reasonable security models .. > ICMP NI would just be one more service to integrate. .. this has not. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
