ietf-asrg

Re: [Asrg] DNSxL notation for IPv6?

2007-09-18 15:38:58

On Sep 18, 2007, at 11:23 AM, Matthias Leisi wrote:

Douglas Otis wrote:

A large DNSBL has in the area of 5 million entries. CPU and I/O load should not be a problem with IPv6 addresses.

We employ dynamic strategies utilizing somewhat normal RBL infrastructure deployed across a fair number of servers. For IPv4, more than a hundred million entries update daily. This goes beyond typical RBL entries. IPv6 is sure to greatly exacerbate these numbers. A strategy that attempts to ignore addresses that are specific to hosts within a network will necessitate an unmanageable number of exceptions. Even so, as many as 72 quadrillion networks would still require tracking, in addition to some subset of addresses within these networks.

The sheer number of IPv6 addresses impairs establishing reputations, even at /64 CIDRs. IPv6 reputations are

Even IPv4-based reputation suffers from a scaling problem.

<shameless plug>That's why I believe that "enumerating goodness" is more powerful in the long run than "enumerating badness" and my motivation for building up dnswl.org</shameless plug>

Would the reputation start at 0, +1 or -1?

ACK, IP addresses are just one element. OTOH, as long as signing mechanisms are not more widely deployed, and as long as domain names are free (as in beer) for some purposes, IP addresses and associated information (ranges, routes) remain important.

The current level of 0wned systems ensures shared IP addresses will never be a good solution. As long as email is free (as in free beer), vetting prior to submission will _never_ be sufficient.

Splitting email messages into notification/message provides a separate channel where message origination cannot be spoofed, DSNs are not needed, and undesired junk is never transferred. This change would permit email to retain a high level of delivery integrity, allow final recipients to establish their own acceptance policy, and ensure valid recipients are kept confidential. This change will not burden recipients with additional cryptographic processes. An email-specific URI could be used as an identifier instead.

-Doug
