Re: Services and top-level DNS names (was: Re: Update of RFC 2606

John C Klensin <john-ietf@jck.com> Mon, 07 July 2008 16:25 UTC

Date: Mon, 07 Jul 2008 12:25:09 -0400
From: John C Klensin <john-ietf@jck.com>
To: Mark Andrews <Mark_Andrews@isc.org>, John Levine <johnl@iecc.com>
Cc: ietf@ietf.org


--On Monday, 07 July, 2008 10:30 +1000 Mark Andrews
<Mark_Andrews@isc.org> wrote:

> ...
> If / when MIT stop using ai.mit.edu, "user@ai" will no longer
> mean user@ai.mit.edu.  This will mean that any configuration
> file that has "user@ai" will now, suddenly, get a different
> meaning.  This is a latent security issue.

Mark,

While I'm basically sympathetic to the position you are taking
on this, we have recommended for years and years (since the CS.
incident, if not earlier), that things like configuration files
use FQDNs and only FQDNs.  SMTP imposes the same requirement on
addresses in MAIL and RCPT commands.  

If user@ai is in a config file with the intent of identifying
user@ai.mit.edu then the config file is broken.    Conversely,
if the config file format is intended to permit references to
TLDs, I would hope that it would be possible to write "ai." if
the TLD were intended.

Personally, I'm very concerned about what users type and what
happens after that.  For configuration files and the like, I
believe that we have a case of bad design if the interpretation
of the configuration is dependent on things outside the scope of
that file and, in particular, if there is a dependency on DNS
search procedures rather than one explicit FQDNs.

Quoting from your comment about Firefox, "Two wrongs don't make
a right.  They just make two things that need to be fixed."

    john
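
The failure mode discussed in this message, as an added example that is not part of the original post: a small audit that flags configuration entries whose meaning depends on the DNS search list, and shows how "user@ai" changes target when ai.mit.edu goes away. The search list, the sets of existing names, the config lines and the function names are all constructed; candidate ordering follows the common resolv.conf-style ndots=1 rule.

```python
# Added illustration: search list, DNS contents and config lines are all constructed.
SEARCH = ["mit.edu"]
BEFORE = {"ai.mit.edu.", "example.org."}   # names that exist while the host is in use
AFTER = {"ai.", "example.org."}            # host retired; a top-level "ai" now resolves
CONFIG = [
    "forward = user@ai",
    "backup = user@ai.mit.edu",
    "tld_contact = user@ai.",
    "alerts = ops@example.org",
]

def candidates(name, search_list, ndots=1):
    """Absolute names a stub resolver tries, in order (resolv.conf-style ndots rule)."""
    if name.endswith("."):
        return [name]                      # trailing dot: absolute, search list unused
    absolute = name + "."
    searched = [f"{name}.{suffix}." for suffix in search_list]
    if name.count(".") >= ndots:
        return [absolute] + searched
    return searched + [absolute]

def resolve(name, search_list, existing):
    """First candidate present in `existing`, or None if nothing matches."""
    return next((c for c in candidates(name, search_list) if c in existing), None)

def audit(config, search_list, before, after):
    """Report entries whose first lookup goes through the search list."""
    report = []
    for lineno, line in enumerate(config, 1):
        domain = line.partition("=")[2].strip().rpartition("@")[2]
        if candidates(domain, search_list)[0] == domain.rstrip(".") + ".":
            continue  # tried as written first: meaning stays inside the file
        report.append((lineno, domain,
                       resolve(domain, search_list, before),
                       resolve(domain, search_list, after)))
    return report

if __name__ == "__main__":
    for lineno, domain, old, new in audit(CONFIG, SEARCH, BEFORE, AFTER):
        print(f"line {lineno}: '{domain}' resolved to {old}, now resolves to {new}")
```

The fully qualified entry on line 2 simply stops resolving once the host is retired, which is a visible failure rather than a silent change of recipient.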

