On Tue, 18 Jan 2011, Douglas Otis wrote:
On 1/18/11 2:43 PM, Daniel Feenberg wrote:
IPv6 is mentioned only once, in Section 3.5, and not in a way that suggests
DNSBLs for IPv6 are appropriate or practical. The document covers
whitelists as well as blacklists, and it is not unreasonable to suppose
that a whitelist could exist for IPv6 mail hosts. While I might prefer a
vigourous denunciation of IPv6 blacklists, there isn't anything really
objectionable in the draft on this topic.
It is not the number of times that IPv6 has been mentioned in the draft. It
is the number of times an example proves wholly unreasonable when related to
an IPv6 service.
In the rather critical matter, "2.2.1. Listings SHOULD Be Temporary", this
makes a questionable assumption that listing/de-listing churn will not become
damaging whenever expiration is used. Whether one is talking about v6
prefixes, or interface addresses, bad actors have access to virtually an
endless supply of prefixes and interface addresses. This means an address
may never repeat over a bad actor's life.
I am confused about why 2.2.1 is critical. Whether listings are temporary
or permanent, an IPv6 DNSBL is totally impractical and probably worthless.
I believe we agree there. There are lots of things that can't be
successfully distributed over DNS, this is only one of them. I might favor
singling it out on the grounds that there are a few people who want to try
it, but I wonder why it is so necessary to do so, since circumstances will
defeat them soon enough.
Is there a special reason an IPv6 DNSBL which listed spam sources would
interfere with legitimate traffic? Wouldn't it just get very large without
actually ever blocking much traffic, legitimate or spam?
Asrg mailing list