Re: [dnsext] Some thoughts on the updated aliasing draft

"John R. Levine" <johnl@iecc.com> Mon, 28 March 2011 02:48 UTC

To: Mark Andrews <marka@isc.org>
Cc: dnsext@ietf.org

> And SMTP had it correct for the second group.  If the SMTP client
> sees the CNAME it re-writes the names in the SMTP exchange to use
> the canonical host name.  The SMTP server never sees the alias.

Yes and no.  That works OK if you expect the CNAME to be a nickname for 
the real name, and the user is happy to see his message headers rewritten 
to use the canonical name.  It fails in the situation where the names are 
all equivalent, and you don't want the messages rewritten.

It also doesn't address the security issue, if you want the owner of the 
canonical name to have control over what can be aliased to it.

> HTTP administrators often misuse CNAME.

True, but the horse is dead, and the carcass was long ago sold for 
dogfood, so I don't see the point of dredging it up again.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly