John Levine wrote:
Man, this horse still isn't dead.
First of all, this is a gross mischaracterization of what was in the
document. It was NEVER a tree walk.
It was a one level tree walk, but it's gone now, never to return, so
that hardly matters.
Although I believe that there is at least one large vendor of
network equipment whose DNS tree is very flat, that's not true in
general, and there are plenty of large systems whose DNS tree is
more than two levels deep.
That doesn't matter. If there are more levels they are doubtless
*orders* of magnitude less than the total number of host names.
Perhaps. It sounds like you're saying that this is a problem that is
very important to solve, but not so important as to be worth putting
incrementally more effort into tool development. That doesn't strike
me as a very strong argument.
No, it's an argument that dependencies are bad for deployment, and this
group is creating more. Good protocol design makes for as few
dependencies as is necessary to accomplish a task.
It's your-representative(_at_)unprotectedhostname(_dot_)bank(_dot_)com -
where "your-representative" is actually your representative. We can and
should protect from that.
You're just reasserting the same implausible claim. This is part of
the lookalike problem, and no amount of ADSP will solve that.
And you're arguing that ADSP should solve everything, and by removing
important functionality we will in fact solve nothing.
ADSP might be of some use against exact name forgery, not lookalike
forgery.
Another problem for another day. Let's not boil the ocean.
Perhaps there is a middle ground here for those who think this case is
important? Can we not prohibit something that some believe will be
important?
Eliot
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html