Re: DNS Blacklist Policy Design

Mon, 05 Jun 2006 21:07:54 -0700 

>...
>From: "List Mail User" <[EMAIL PROTECTED]>
>
>> >...
>>>From: "List Mail User" <[EMAIL PROTECTED]>
>>>
>>>> All of this would use up 6 bits and still leave 17 for any other
>>>> purposes you have in mind (assuming codes from 127.0.0.2 to 127.0.0.126).
>>>
>>>Uses up 6 of the 7 bits in that range, Paul. Did you mean 127.0.0.2
>>>through 127.255.255.254?
>>>
>>>{o.o}
>>>
>> 
>> No I meant 127.0.0.2 to 127.0.0.126;  The bitmask '6' would check
>> the "bad" bits;  '24' the "good" bits; '32' for "well-known";  And '64'
>> for a recent offender.  The bottom bit can't be safely used if it can
>> be set alone (i.e. result in 127.0.0.1) and the top bit isn't needed.
>> Using the #1 bit (value 2) for any purpose is just redundant and not
>> needed.  (Using bit numbering starting at zero, and drawing little
>> endian for all of the programmers brought up on Intel  documentation.)
>> 
>> So I really did mean the 6 bits as below (warning ASCII art)
>> 
>> 128      64       32       16        8        4        2        1
>> -------------------------------------------------------------------
>> unused   recent well-known   (good bits)       (bad bits)      unusable
>
>OK you meant 2 to 126 was used not that the ultimately usable bits
>extends over that range, which is what I had read your statement to
>mean. I took the parenthetical expression to be referring to the
>"17 for any other purposes" as opposed to the "6 bits" used up.
>
>{^_^}
>
>
        Back on-list:-)

        Actually, on reflection, since the "well-known" bit should never
occur alone without other bits, it could use bit 0 (value '1') and the BL
could them have 18 bits to spare (i.e. move "recent" to bit 5, value '32')
and use the range from 127.0.0.2 up to 127.0.0.63 - a total of 62 cases,
most of which wouldn't not need to be returned by the DNS server, but
could be useful with meta rules for "good guy"/"negative SA scoring"
(e.g. a domain with only "good bits", anti-fraud measures and a "good"
reputation value could be given a small negative score - negative SA
scores are very valuable becaue they are hard to construct in a way that
can not be gamed/defrauded - for eample, "good bits" only, SPF or DK/DKIM
and HASHCASH, BSP, HABEAS, IATB or maybe even SIQ or the commercial version
of DCC's reputation value).

        Paul Shupak
        [EMAIL PROTECTED]

Reply via email to