Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF DNS server selection document

Ted Lemon <Ted.Lemon@nominum.com> Sun, 23 October 2011 19:16 UTC

To: Matthew Pounsett <matt@conundrum.com>
Cc: DHC WG <dhcwg@ietf.org>, "dnsop@ietf.org WG" <dnsop@ietf.org>, "<mif@ietf.org>" <mif@ietf.org>, dnsext List <dnsext@ietf.org>

On Oct 23, 2011, at 2:39 AM, Matthew Pounsett wrote:
> I think we need to accept that this practice is here to stay, and figure out how to deal with it on those terms.

There is no secure way to do search lists in a MIF environment. Or, really, even in a SIF environment. So saying "we just have to deal with it," while it may seem pragmatic, is really just avoiding the issue: it won't go away just because we ignore it.

Remember: it used to be the case that people would authenticate rsh traffic using the source IP address, and this persisted long after it was clear that it was untenable. But the practice has been largely eliminated at this point. So it's not the case that just because some practice is "crucial," it will inevitably persist forever.

The way search lists ought to be handled in a UI is to come up with a list of all the names that match the term the user has typed, and offer the user the opportunity to select which of those names to choose. But that's a UI hack, so essentially out of scope. Also, in order to do this in a MIF environment, you have to try resolving the name on both interfaces, which some people think is not acceptable.
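
The candidate-list approach described in the last paragraph of the message, as an added example that is not part of the original message or of the MIF draft. The `Interface`, `candidates` and `resolve` names, the `.example` zones and the addresses are constructed for illustration; each interface's `zone` dict stands in for the resolver reached through that interface, and the lookup is tried on every interface, as the message says it must be.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Interface:
    name: str
    search_list: tuple  # DNS suffixes learned on this interface (e.g. via DHCP)
    zone: dict          # constructed stand-in for this interface's resolver

def candidates(term, interfaces):
    """Return every (interface, fqdn, address) the typed term could mean."""
    found = []
    for iface in interfaces:
        if term.endswith("."):
            names = [term]  # already fully qualified: no search list applied
        else:
            names = [f"{term}.{suffix}." for suffix in iface.search_list]
            names.append(term + ".")  # also try the term exactly as typed
        for fqdn in names:
            addr = iface.zone.get(fqdn.lower())
            if addr is not None:
                found.append((iface.name, fqdn.lower(), addr))
    return found

def resolve(term, interfaces, choose):
    """Answer silently only when unambiguous; otherwise ask via `choose`."""
    found = candidates(term, interfaces)
    if not found:
        return None
    if len({(fqdn, addr) for _, fqdn, addr in found}) == 1:
        return found[0]
    # Different interfaces expanded the same short name to different hosts:
    # never pick one silently, hand the full list to the user.
    return choose(found)

# Constructed sample: a VPN and a public Wi-Fi network, each with a search list.
IFACES = (
    Interface("vpn", ("corp.example",),
              {"wiki.corp.example.": "10.0.0.5"}),
    Interface("wifi", ("cafe.example",),
              {"wiki.cafe.example.": "203.0.113.7",
               "printer.cafe.example.": "203.0.113.9"}),
)

if __name__ == "__main__":
    for hit in candidates("wiki", IFACES):
        print(hit)
```
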