Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF DNS server selection document

Ted Lemon <Ted.Lemon@nominum.com> Fri, 21 October 2011 15:19 UTC

From: Ted Lemon <Ted.Lemon@nominum.com>
To: Keith Moore <moore@network-heretics.com>
Date: Fri, 21 Oct 2011 15:19:06 +0000
Cc: DHC WG <dhcwg@ietf.org>, "dnsop@ietf.org WG" <dnsop@ietf.org>, "<mif@ietf.org>" <mif@ietf.org>, dnsext List <dnsext@ietf.org>

On Oct 21, 2011, at 11:13 AM, Keith Moore wrote:
> IMO: search lists are useful, but only with "bare names" - and the behavior of those should be implementation dependent. Trying to nail it down will break too much widespread practice.

On a desktop workstation they are useful, because you can largely trust the security of the physical network. On mobile nodes, though, they are harmful, because they open up a really easy avenue for exploit.

On MIF nodes, they also open up potential for mistakes. So if we are to meet the spirit of your request here, it will still require a document describing what the mistakes are, and providing advice on how to avoid them.