Re: Context specific semantics was Re: uncooperative DNSBLs, was several messages
Ted Hardie <hardie@qualcomm.com> Fri, 14 November 2008 17:42 UTC
Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 19F0528C12A; Fri, 14 Nov 2008 09:42:51 -0800 (PST)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A82B928C12A for <ietf@core3.amsl.com>; Fri, 14 Nov 2008 09:42:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.199
X-Spam-Level:
X-Spam-Status: No, score=-104.199 tagged_above=-999 required=5 tests=[AWL=-1.600, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tmjK6x5g3rKG for <ietf@core3.amsl.com>; Fri, 14 Nov 2008 09:42:48 -0800 (PST)
Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) by core3.amsl.com (Postfix) with ESMTP id 7A37C28C10D for <ietf@ietf.org>; Fri, 14 Nov 2008 09:42:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qualcomm.com; i=hardie@qualcomm.com; q=dns/txt; s=qcdkim; t=1226684569; x=1258220569; h=mime-version:message-id:in-reply-to:references:date:to: from:subject:content-type:x-ironport-av; z=MIME-Version:=201.0|Message-ID:=20<p06240601c543670ca045 @[10.227.68.106]>|In-Reply-To:=20<20081114130618.62196.qm ail@simone.iecc.com>|References:=20<20081114130618.62196. qmail@simone.iecc.com>|Date:=20Fri,=2014=20Nov=202008=200 9:41:45=20-0800|To:=20John=20Levine=20<johnl@iecc.com>, =20"ietf@ietf.org"=20<ietf@ietf.org>|From:=20Ted=20Hardie =20<hardie@qualcomm.com>|Subject:=20Re:=20Context=20speci fic=20semantics=20was=20Re:=20uncooperative=20DNSBLs,=20w as=20=0D=0A=20several=20messages|Content-Type:=20text/pla in=3B=20charset=3D"us-ascii"|X-IronPort-AV:=20E=3DMcAfee =3Bi=3D"5100,188,5433"=3B=20a=3D"12926547"; bh=JgR8JnIR6xyMFV9fBVyatvBfwUp7pqIX7WqXrP/RpTA=; b=sp6B5Z3B7TnS6L0KlzmD3oAAoeZh7WPJaeTh4Sd7yaOwi4SczZTl4b6+ tqG3FAAbzgHVW0/KE1umjXu3ywp0XyOUOEmLD7NnGFgjdsCNbhbUPDXRC t9Oa3khnA5UW7mcg3MuJ/bpXFrLchQaLK100LG2vy5g/Q1agviyrywdqJ E=;
X-IronPort-AV: E=McAfee;i="5100,188,5433"; a="12926547"
Received: from pdmz-ns-mip.qualcomm.com (HELO numenor.qualcomm.com) ([199.106.114.10]) by wolverine02.qualcomm.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 14 Nov 2008 09:42:48 -0800
Received: from totoro.qualcomm.com (totoro.qualcomm.com [129.46.61.158]) by numenor.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id mAEHgmZD028451 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 14 Nov 2008 09:42:48 -0800
Received: from nasanexhub01.na.qualcomm.com (nasanexhub01.na.qualcomm.com [10.46.93.121]) by totoro.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id mAEHgdi3010985 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Fri, 14 Nov 2008 09:42:48 -0800 (PST)
Received: from nasanexmsp01.na.qualcomm.com (10.45.56.204) by nasanexhub01.na.qualcomm.com (10.46.93.121) with Microsoft SMTP Server (TLS) id 8.1.311.2; Fri, 14 Nov 2008 09:41:48 -0800
Received: from [10.227.68.106] (10.46.82.6) by qcmail1.qualcomm.com (10.45.56.204) with Microsoft SMTP Server (TLS) id 8.1.291.1; Fri, 14 Nov 2008 09:41:48 -0800
MIME-Version: 1.0
Message-ID: <p06240601c543670ca045@[10.227.68.106]>
In-Reply-To: <20081114130618.62196.qmail@simone.iecc.com>
References: <20081114130618.62196.qmail@simone.iecc.com>
Date: Fri, 14 Nov 2008 09:41:45 -0800
To: John Levine <johnl@iecc.com>, "ietf@ietf.org" <ietf@ietf.org>
From: Ted Hardie <hardie@qualcomm.com>
Subject: Re: Context specific semantics was Re: uncooperative DNSBLs, was several messages
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
At 5:06 AM -0800 11/14/08, John Levine wrote: > >The whole approach here is "An A record in this zone has a meaning >>different from the meaning in other zones". That creates a DNS >>context for the RRTYPE based on the zone of the query, which is not >>what the DNS currently uses for disambiguating the types of >>requests/responses. > >Didn't that plan go out the window in 1996 with RFC 2052? Sorry, what about SRV made RRTYPE not significant? Sorry to be dense, but I don't understand your point here. > > Using a different RR type puts you back into the standard way of >> doing things. > >Hypothetically speaking, I sort of agree with you. But considering >that to a rough order of magnitude, all the MTAs on the net use DNSBLs >the way they work now, you'd expect the ground to be littered with >bodies if reusing A records caused actual damage. >The only damage I've seen, and I think the only damage anyone else has >seen, is when a speculator puts a wildcard on an abandoned DNSBL >domain. That's why I documented the pair of test addresses, to defend >against that. It's certainly a band-aid, but like real life band-aids >it does the job without making things worse and easily enough that >people are actually likely to do it. What you're proposing is a skin >graft, which would be more elegant if it happened, but it won't. I believe Andrew and Olafur quite sensibly proposed that this change go forward with a transition to allow for increasing numbers of v6 addresses. There are other ways to accomplish a transition, obviously, but I didn't hear them say (and I didn't mean to say) "stop what you're doing *right now* or the Internet police will round you up". They suggested a way of moving back to the actual DNS model while not breaking existing systems. For very good reasons, few of the people putting together systems are really aware of the full context in which an RFC gets written; that means many of the readers are looking to one or two RFCs as a pattern for what they wish to do. If you write into a standard "Reusing A records is fine, provided you have a disambiguating domain name", you can expect other people to use that outside the original context. The real damage might well occur when it leaks out of DNSBLs into the next bright spark for web-based reputation or something similar. regards, Ted Hardie >Regards, >John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", >Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor >"More Wiener schnitzel, please", said Tom, revealingly. _______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
- Re: several messages der Mouse
- Re: several messages David Morris
- Re: several messages Dean Anderson
- Re: several messages Randy Presuhn
- Re: several messages David Morris
- Re: several messages Matthias Leisi
- Re: several messages Steve Linford
- Re: several messages Peter Dambier
- Re: several messages Steve Linford
- Re: several messages Keith Moore
- Re: several messages der Mouse
- Re: several messages Chris Lewis
- Re: several messages Mark Andrews
- Re: several messages der Mouse
- Re: several messages Chris Lewis
- Re: several messages David Romerstein
- Re: several messages Randy Presuhn
- Re: several messages Chris Lewis
- Re: several messages David Romerstein
- Re: several messages David Romerstein
- Re: several messages Keith Moore
- Re: several messages Chris Lewis
- Re: several messages Al Iverson
- More anti-spam (was: Re: several messages) John C Klensin
- RE: several messages michael.dillon
- Re: several messages Matthias Leisi
- Re: several messages Mark Andrews
- Re: several messages David Morris
- Re: several messages Al Iverson
- Re: uncooperative DNSBLs, was several messages John Levine
- Re: uncooperative DNSBLs, was several messages Jim Hill
- Re: several messages John C Klensin
- Re: several messages Al Iverson
- RE: several messages Hallam-Baker, Phillip
- Re: uncooperative DNSBLs, was several messages Matthias Leisi
- Re: uncooperative DNSBLs, was several messages Al Iverson
- RE: several messages Anthony Purcell
- Re: uncooperative DNSBLs, was several messages Dave CROCKER
- Re: several messages der Mouse
- Re: uncooperative DNSBLs, was several messages Andrew Sullivan
- Re: uncooperative DNSBLs, was several messages David Romerstein
- Re: uncooperative DNSBLs, was several messages Jim Hill
- Re: several messages Chris Lewis
- Re: uncooperative DNSBLs, was several messages Chris Lewis
- Re: uncooperative DNSBLs, was several messages John C Klensin
- Re: uncooperative DNSBLs, was several messages Dave CROCKER
- Re: uncooperative DNSBLs, was several messages Tony Finch
- Re: uncooperative DNSBLs, was several messages Andrew Sullivan
- Re: uncooperative DNSBLs, was several messages John C Klensin
- Re: uncooperative DNSBLs, was several messages Matthias Leisi
- Re: uncooperative DNSBLs, was several messages Al Iverson
- Re: uncooperative DNSBLs, was several messages Andrew Sullivan
- Re: uncooperative DNSBLs, was several messages John C Klensin
- Re: uncooperative DNSBLs, was several messages Ted Hardie
- Re: uncooperative DNSBLs, was several messages Matthias Leisi
- Re: uncooperative DNSBLs, was several messages Ted Hardie
- Re: uncooperative DNSBLs, was several messages Tony Finch
- Context specific semantics was Re: uncooperative … Ted Hardie
- Clarifying harm to DNS (was: uncooperative DNSBLs… Andrew Sullivan
- Re: Context specific semantics was Re: uncooperat… Ted Hardie
- Re: uncooperative DNSBLs, IETF misinformation (wa… Steve Linford
- RE: Context specific semantics was Re: uncooperat… Hallam-Baker, Phillip
- Re: uncooperative DNSBLs, was several messages Peter Dambier
- Re: uncooperative DNSBLs, was several messages David Romerstein
- Re: uncooperative DNSBLs, was several messages Peter Dambier
- Re: uncooperative DNSBLs, was several messages Keith Moore
- Re: uncooperative DNSBLs, was several messages Chris Lewis
- RE: uncooperative DNSBLs, IETF misinformation (wa… michael.dillon
- Re: uncooperative DNSBLs, IETF misinformation (wa… Steve Linford
- RE: uncooperative DNSBLs, IETF misinformation (wa… michael.dillon
- Re: Context specific semantics was Re: uncooperat… Tony Finch
- Re: Context specific semantics was Re: uncooperat… John Levine
- RE: Context specific semantics was Re: uncooperat… Hardie, Ted
- RE: Context specific semantics was Re: uncooperat… Tony Finch
- Re: several messages Rich Kulawiec
- Re: uncooperative DNSBLs, was several messages Rich Kulawiec
- Re: uncooperative DNSBLs, IETF misinformation (wa… Al Iverson
- Re: Context specific semantics was Re: uncooperat… Ted Hardie
- RE: Context specific semantics was Re: uncooperat… Ted Hardie
- Re: several messages John C Klensin
- Re: several messages Al Iverson
- Re: Context specific semantics was Re: uncooperat… John L
- RE: uncooperative DNSBLs, IETF misinformation (wa… michael.dillon
- Re: uncooperative DNSBLs, IETF misinformation (wa… Al Iverson
- RE: uncooperative DNSBLs, IETF misinformation (wa… michael.dillon
- Re: several messages John C Klensin
- Re: several messages Chris Lewis
- Re: uncooperative DNSBLs, IETF misinformation (wa… Keith Moore
- Re: several messages Al Iverson
- RE: several messages michael.dillon
- Re: uncooperative DNSBLs, IETF misinformation (wa… Al Iverson
- Re: Context specific semantics was Re: uncooperat… Ted Hardie
- Re: Context specific semantics was Re: uncooperat… Douglas Otis
- Re: uncooperative DNSBLs, IETF misinformation (wa… Theodore Tso
- Re: Context specific semantics was Re: uncooperat… Theodore Tso
- Re: uncooperative DNSBLs, IETF misinformation (wa… Chris Lewis
- Re: more bad ideas, was uncooperative DNSBLs, was… John Levine
- Re: more bad ideas, was uncooperative DNSBLs, was… Chris Lewis
- Re: Context specific semantics was Re: uncooperat… John L
- Detecting and disabling bad DNSBLs Peter Dambier
- Re: Detecting and disabling bad DNSBLs Steve Linford
- Re: several messages Pekka Savola
- Re: more bad ideas, was uncooperative DNSBLs, was… Keith Moore
- Re: several messages Rich Kulawiec
- Is USA qualified for 2.3 of draft-palet-ietf-meet… YAO
- RE: [73attendees] Is USA qualified for 2.3 ofdraf… Song Haibin
- Re: several messages Tom.Petch
- Re: [73attendees] Is USA qualified for 2.3 of dra… Phillip Hallam-Baker
- Re: [73attendees] Is USA qualified for 2.3 of dra… james woodyatt
- Re: several messages John C Klensin