Nick Nicholas wrote:
Frank, would you mind elaborating on why you believe
127.0.0.1/31 should not be used as a result code?
Murphy: users do get everything wrong that can go wrong.
It was quite interesting when the SCBL listed 127.0.0.1
for a few hours, IIRC that made it to /.
Of course listing 127.0.0.1 isn't the same as using it
as a return code, but OTOH 127.0.0.1 does have a meaning
on any system supporting IPv4 sockets at all.
There's a decent chance that users won't talk to their
own system unintentionally if they try a stunt like...
http://2.0.0.127.multi.surbl.org
...because multi.surbl.org doesn't use bit 0 in its result
codes 127.0.0.x. OPM uses bit 0, but they use 127.1.0.x
also avoiding the critical 127.0.0.1
For those systems where 127.0.0.2 etc. has a meaning I'd
hope that the average user knows his trade.
127.0.0.0 is another isue, BLs have the odd feature that
there are codes for "listed", but no code for "not listed".
Users and list owners could be tempted to treat 127.0.0.0
as "unlisted" with some undesirable results until they
figure out how it's supposed to work.
Reserving 127.0.0.1/31 generally is a simple way to avoid
some foreseeable problems. Besides having 127.0.0.1/31
as test non-entry for any "osirusoft" effect can't hurt.
Some list owners had really weird ideas how they can stop
their service after they had enough abuse and DDoS attacks.
After I've read one particular thread in the "spam tools"
list archive I fear that expecting the worst in conjunction
with BL owners and users is the only way to go.
Insofar as a BCP in concerned, do you envision this as a
SHOULD NOT or a MUST NOT?
The former. In theory you could create a list of all IPs
with an odd (even) digit sum, and on this list 127.0.0.1
(127.0.0.0) would be listed.
You could still avoid 127.0,0.1/31 as result code, if the
remaining 23 bits are good enough for your purposes. At
the moment SURBL using 6 bits (but not bit 0) is the most
elaborated list I know using bits.
The zz.countries.nerd.dk list encodes country numbers in
its result: That's a case where violating a SHOULD NOT
because they know what they are doing could make sense.
( But "1" is no ISO 3166 country number, or is it ? )
do you see this as a provision that is more appropriate
for the BCP than the RFC which John Levine is preparing.
I didn't like the old draft of the separate BCP, it was a
dubious "netiquette" style document for list owners, and
did not address stupid user like me. Fact, I didn't know
what SORBS 127.0.0.6 is until it hit several of my ISPs :-(
I like John's approach, because it's purely technical with
no "netiquette" vagaries.
Bye, Frank
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg