|
RE: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)
2007-03-07 23:38:20
--On 7. mars 2007 17:06 -0800 "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
wrote:
OK I will restate.
All connection initiation should be exclusively mediated through the DNS
and only the DNS.
OK, I'll restate too.
In my opinion, we should never introduce any function that involves the DNS
where:
- the answer is required to be different for different requestors
- the answer has to be different at two times separated by less than
~seconds
- a temporary failure of the resolution process is a fatal error rather
than a delay
Since the terms "mediated" and "signalling", in the way I commonly use
them, violates the first of these points in almost every design I'm aware
of, I think those are lousy terms to use for any function that the DNS is
good for.
The reason I introduced the term signalling was precisely because setting
up a connection today involves more than naming. Saying that the DNS
should be the exclusive naming infrastructure is not a new position. What
I am saying is that today session initiation involves more than the DNS
and that this makes the IPv4/IPv6 transition more difficult than it
should be.
If you say "the initiator of a connection can use the DNS to look up
information about the respondent before making the connection attempt, the
lookup process can be more complex than an A-record lookup, and that
information can be more complex than an IP address", I can agree with you
wholeheartedly.
If you say that "the respondent to a connection attempt can use the DNS to
look up information about the initiator, based either on the initiator's IP
address or on names the initiator includes in the connection attempt", I
can agree that this is technically possible, but am worried about the
number of devils in those details - as evidenced by the challenges of PTR
lookup, SPF verification and so on. See also the 3rd bullet above.
But I have trouble relating those two points of agreement with the words
"mediated" and "signalling", using any of the definitions of those words
that I can think of offhand.
You may have a different dictionary than me. If so, please quote.
Harald
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- RE: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.), Hallam-Baker, Phillip
- RE: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.),
Harald Tveit Alvestrand <=
- Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.), Brian E Carpenter
- RE: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.), Hallam-Baker, Phillip
- RE: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.), Hallam-Baker, Phillip
- Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.), Stephane Bortzmeyer
- Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.), Brian E Carpenter
|
| Previous by Date: |
RE: [Dan Harkins] comments on draft-houseley-aaa-key-mgmt-07.txt, Narayanan, Vidya |
| Next by Date: |
RE: [Dan Harkins] comments on draft-houseley-aaa-key-mgmt-07.txt, Dan Harkins |
| Previous by Thread: |
RE: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.), Hallam-Baker, Phillip |
| Next by Thread: |
Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.), Dave Crocker |
| Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|