ietf-822
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Mandatory From field, anonymity, and hacks

2004-07-29 14:40:18
from [Charles Lindsey] [Permanent Link] 

On Mon, 26 Jul 2004 23:16:57 -0400, Bruce Lilly <blilly(_at_)erols(_dot_)com> 
wrote:



Charles Lindsey wrote:

[Concerning RFC 2606]


That says "can be used for private testing..., example in documentation,
DNS related experimentation, invalid DNS names, or other similar uses". I 
think that is wide enough to cover the intended usage.


DNS experimentation and testing are different matters from deliberate
obfuscation (or worse).
Indeed, but "invalid DNS names" means, er, "invalid DNS names", and "other similar uses" should cover most other applications.
And if you read further down in RFC 2606 (I don't have the exact words in front of me), you will see that it is recommended for use when you want something that is immediately and obviously invalid, just from a casual inspection, which is exactly what is needed in the case under discussion. 




Well, I might be inclined to prefer using a fixed, guaranteed black-hole
valid address if somebody wants to set one up...
It doesn't need setting up. The TLD ".invalid" already has the required property, and is registered with IANA as being guaranteed never to resolve to anything. 


    From: Joe Doe <jdoe(_at_)REMOVE-THIS(_dot_)foo(_dot_)com(_dot_)invalid>

which can be aborted at once without any DNS search at all?


Gack. NOOOOO!  Please tell me you didn't just say what I think you said!
In such a case, the only reasonable behavior is to query DNS for an MX
record for "REMOVE-THIS.foo.com.invalid." [*].
No, I meant exactly what I said. If it is guaranteed, by IANA registtration, that ".invalid" will never resolve, then agents need not bother to try it.
Naturally if they do (whether for testing or anything else), they will still be told the same thing. 

Now consider an alternative to either:
-------------------
Subject: foo
Date: 1 Jan 2005 12:34:56 +0700
[body] I, Joe Doe, of Timbuktu (not to be confused with any other "Joe Doe"), 
being of paranoid mind, do hereby write:  blah, blah, blah.
And do you think Joe Doe is ever going to do that, when he can more easily write (and his readers will more easily recognize, and followup/reply agents can more easily generate attribution lines for) 

    From: Joe Doe <jdoe(_at_)REMOVE-THIS(_dot_)foo(_dot_)com(_dot_)invalid>
Indeed, From lines of that form are already becoming quite common on Usenet, and if you think you can stop them, then you are just pissing in the wind. 

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Mandatory From field, anonymity, and hacks, Keith Moore
Next by Date:  Re: Mandatory From field, anonymity, and hacks, Charles Lindsey
Previous by Thread:  Re: Mandatory From field, anonymity, and hacks, Bruce Lilly
Next by Thread:  Re: Mandatory From field, anonymity, and hacks, Bruce Lilly
Indexes:  [Date] [Thread] [Top] [All Lists]