
RE: [Asrg] Declaration to the world

2003-03-06 14:06:14
-----Original Message-----
From: william(_at_)elan(_dot_)net [mailto:william(_at_)elan(_dot_)net]
Sent: Thursday, March 06, 2003 12:46 PM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Declaration to the world

---- I don't see it as a huge problem. If your DNS is broken... fix it. Our
implementation works somewhat this way now. If their DNS is broken or there
is something wrong with the record, we queue the mail and do not deliver it.
We will check for about 24hrs to see if it is eventually fixed, but after
that, an error message is sent and the email is deleted. If there is a
complaint, my response is "Fix your DNS". Designing around an issue is not
the way to go. Design it to the RFCs and make it work accordingly. This
would increase the pressure to fix the issues. Not only that, we are talking
about a minority, not the majority.
 If everyone starts driving at 10mph, fatalities on the freeway will become
almost non-existent and if we cover the earth in feather pillows, nobody
will die in plane crashes. Is that the way that we want to go about
designing this solution? If it doesn't work, fix it. Don't design around it.



 Here is a quote from another thread:

"I am the Principal Scientist of VeriSign, a company that manages DNS and
PKI infrastructure on a very large scale. Hadmut has made a number of well
thought out contributions to the debate. -If DNS is broken we can fix it for
this application."

- Phillip Hallam-Baker


 Can we drop the broken DNS debate?

Regards,
Damon

DNS is specially designed to be tied to IP addresses and so are IP addresses
to DNS (reverse DNS which is in fact used by some mailers to establish
identity). It seems to me we can not rely on just IP address or just domain
but both can be used with possibly additional means of authentication when
one or the other changes. Big problem is how to provide distributed
authentication if it must be independent of either IP addresses or domain
names.

On Thu, 6 Mar 2003, Keith Moore wrote:

subject to relatively few constraints, you own 'danisch.de' for as long as
you renew it.  most users do not own their IP addresses.  in order for routing
to scale (at least with current routing protocols), it is necessary that
networks be renumbered from time to time.  so we do not want to encourage
tight binding of IP addresses to domain names even for those cases where
it might work, for now.  also, source addresses can sometimes be forged, so we
don't want to rely on them as authentication tokens.

Keith
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

