On 23.10.2023 17:27, Michael Richardson wrote:
Maybe someone else can explain it back to me in a better way.
The fundamental issue is this:

* If you are permitting an IP address in an ACL based on a name in a MUD file, the mapping to that address is valid for the greater of the TTL on the name or the state of a connection, assuming you have that state. If the state isn't there and endpoints inappropriately cache the name beyond TTL, That Would Be Bad.

Eliot
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
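A small model of the validity rule described in the message above, added here as an example; it is not code from the thread or from any MUD implementation. The class name, the 60-second idle timeout, and the addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class NameAcl:
    """ACL state derived from one DNS name in a MUD file (hypothetical model)."""
    flow_idle_timeout: float = 60.0               # assumed connection-state lifetime
    resolved: dict = field(default_factory=dict)  # ip -> time the DNS answer expires
    flows: dict = field(default_factory=dict)     # flow tuple -> time of last packet

    def learn(self, ip, ttl, now):
        """Record an address seen in a DNS answer for the name."""
        self.resolved[ip] = max(self.resolved.get(ip, 0.0), now + ttl)

    def permit(self, flow, now):
        """flow = (src, sport, dst, dport). The name-to-address mapping is honoured
        while the TTL is running or while this flow still has tracked state."""
        dst = flow[2]
        within_ttl = self.resolved.get(dst, 0.0) > now
        last = self.flows.get(flow)
        has_state = last is not None and (now - last) < self.flow_idle_timeout
        if within_ttl or has_state:
            self.flows[flow] = now    # create or refresh connection state
            return True
        self.flows.pop(flow, None)    # stale state is discarded
        return False


def run_scenario(idle_timeout=60.0):
    """Constructed timeline: one answer with TTL 30 s, two flows from one device."""
    acl = NameAcl(flow_idle_timeout=idle_timeout)
    acl.learn("192.0.2.10", ttl=30, now=0)        # documentation address
    flow_a = ("10.0.0.5", 40001, "192.0.2.10", 443)
    flow_b = ("10.0.0.5", 40002, "192.0.2.10", 443)
    return [
        acl.permit(flow_a, now=5),    # inside TTL
        acl.permit(flow_a, now=40),   # TTL expired, connection state still held
        acl.permit(flow_b, now=41),   # new flow using the address past TTL, no state
        acl.permit(flow_a, now=200),  # idle longer than the state lifetime
    ]


if __name__ == "__main__":
    print("stateful :", run_scenario())
    print("stateless:", run_scenario(idle_timeout=0))
```

With `idle_timeout=0` the model keeps no connection state, so validity collapses to the TTL alone and the second packet of the first flow is already denied.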
