IETF Logo Mail Archive

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-isp-ip6rdns

"Howard, Lee" <lee.howard@twcable.com> Mon, 09 May 2016 18:41 UTC

Return-Path: <lee.howard@twcable.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E88F312B02D for <dnsop@ietfa.amsl.com>; Mon, 9 May 2016 11:41:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.897
X-Spam-Level:
X-Spam-Status: No, score=-2.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DgYap8H8LMMR for <dnsop@ietfa.amsl.com>; Mon, 9 May 2016 11:41:09 -0700 (PDT)
Received: from cdpipgw02.twcable.com (cdpipgw02.twcable.com [165.237.59.23]) by ietfa.amsl.com (Postfix) with ESMTP id 52C7E12B015 for <dnsop@ietf.org>; Mon, 9 May 2016 11:41:08 -0700 (PDT)
X-SENDER-IP: 10.64.163.159
X-SENDER-REPUTATION: None
X-IronPort-AV: E=Sophos;i="5.24,601,1454994000"; d="scan'208";a="1054492403"
Received: from unknown (HELO exchpapp18.corp.twcable.com) ([10.64.163.159]) by cdpipgw02.twcable.com with ESMTP/TLS/AES256-SHA; 09 May 2016 14:25:34 -0400
Received: from EXCHPAPP15.corp.twcable.com (10.64.163.156) by exchpapp18.corp.twcable.com (10.64.163.159) with Microsoft SMTP Server (TLS) id 15.0.1156.6; Mon, 9 May 2016 14:31:54 -0400
Received: from EXCHPAPP15.corp.twcable.com ([10.245.162.20]) by exchpapp15.corp.twcable.com ([10.245.162.20]) with mapi id 15.00.1156.000; Mon, 9 May 2016 14:31:54 -0400
From: "Howard, Lee" <lee.howard@twcable.com>
To: 神明達哉 <jinmei@wide.ad.jp>, Ted Lemon <mellon@fugue.com>
Thread-Topic: [DNSOP] Working Group Last Call draft-ietf-dnsop-isp-ip6rdns
Thread-Index: AQHRpWUV1AkFAMdUI0i5KTqGVTyYWp+pL50AgAMy74CAACh5AIAEqq+A///Bn4A=
Date: Mon, 09 May 2016 18:31:54 +0000
Message-ID: <0867A10E-05DB-4427-8BA4-05432E81D9C1@twcable.com>
References: <9c79a64e-9317-75fd-6592-25fd76cfd47f@gmail.com> <CAJE_bqchx1FDhUpzFSGw3C1205KxutpwYXBFPGLZn+ArNNxKPA@mail.gmail.com> <CAPt1N1mJBwUzsjeQGd7mpQz26ZO=BpOvunZ0dcq6p1kZ+kSz-Q@mail.gmail.com> <CAJE_bqfOgzi1zOXB10Jz1g4m8E--GSfmCPTH2=NLwmoyHGM+Jg@mail.gmail.com> <CAPt1N1=iSaFnoCVds6F1KWNQfKgTNudHbW1RZfymwfcTWHo0jA@mail.gmail.com> <CAJE_bqeK1wj-8UOq6Ap4-iAjLUBJ8cvbM-j7sOiqOK6ZWD567g@mail.gmail.com>
In-Reply-To: <CAJE_bqeK1wj-8UOq6Ap4-iAjLUBJ8cvbM-j7sOiqOK6ZWD567g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/0.0.0.150911
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.64.163.240]
x-tm-as-product-ver: SMEX-11.0.0.1191-8.000.1202-22310.005
x-tm-as-result: No--49.390400-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="utf-8"
Content-ID: <C02EE064DBD22645868C7ED38EACA353@twcable.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/1NTwb2nARSy7-05UldkxL70SSLA>
Cc: Tim Wicinski <tjw.ietf@gmail.com>, dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-isp-ip6rdns
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 May 2016 18:41:13 -0000





On 5/9/16, 2:15 PM, "DNSOP on behalf of 神明達哉" <dnsop-bounces@ietf.org on behalf of jinmei@wide.ad.jp> wrote:

>At Fri, 6 May 2016 14:59:12 -0400,
>Ted Lemon <mellon@fugue.com> wrote:
>
>> >   While a reverse mapping is generally useful for informational
>> >   purposes, some people use it even more aggressively, such as for
>> >   access control or host validation based on the existence of a
>> >   reverse mapping, and often also on matching between the reverse and
>> >   forward mapping.  It is believed that those practices are not very
>> >   effective at best, especially for their side effect of punishing
>> >   otherwise-legitimate users and their service providers.  Although an
>> >   ideal solution to this is to encourage stopping those harmful
>> >   practices possibly with replacing them with more effective ones,
>> >   the sad operational reality is that it's less likely that the
>> >   operators employing those practices will listen anytime soon.  Until
>> >   then, the victim end users and their service providers will pay the
>> >   cost of the practices, and the only realistic intermediate remedy is
>> >   to provide required reverse mappings and often ensure the
>> >   revers-forward match.  This document shows possible options on how
>> >   to do this for those latter types of operators.
>>
>> The problem with this text when it was proposed before (it was proposed
>> before!) is that not everybody agrees on it either.   So last time we had
>> this discussion (which we have had more than once already, not counting
>> this time), we decided to just be neutral, rather than either saying "this
>> is a bad idea" or "this is a great idea."   I think the document is still
>> useful, because honestly I do not think it is going to make much difference
>> as far as host name checking goes.   I think if we want host name checking
>> to die, we should talk to authors of open source software that support this
>> feature into taking it out.   I think, for example, that openssh does this.
>>   Maybe we should talk to them.
>
>To be clear, I didn't (yet) intend to suggest using the above text in
>the draft.  It was just to see whether we are basically on the same
>page if we described it without trying to be *too neutral* or whether
>we are in disagreement on some more fundamental point.  Interpreting
>the above response as it's the former, and hopefully some more share
>the same view, I'd personally like to propose including some text like
>this - it could be weakened if some part of it is considered
>controversial, but I'd at least like to do the harm as a result of
>being afraid of controversial and being too neutral (and therefore
>ambiguous).
>
>Of course, this is just one personal feedback.  As you said it may be
>that we can't simply agree on any kind of this text.  It's ultimately
>up to the wg to decide.

I think we tried this in 2006-2008 with reverse-mapping-considerations, and in 2009 with early versions of this draft, and occasionally in the following years. I think the existing document balances the considerations and represents, if not everyone's opinion, the best consensus that currently exists.

Lee

>
>--
>JINMEI, Tatuya
>
>_______________________________________________
>DNSOP mailing list
>DNSOP@ietf.org
>https://www.ietf.org/mailman/listinfo/dnsop

________________________________

This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.

v2.23.0 | Report a Bug | By Email