ietf-mxcomp

Re: Limited scope of work

2004-03-30 15:01:06

On Tue, Mar 30, 2004 at 03:02:04PM -0600, Gordon Fecyk wrote:

- known-good IPs -- these are fully authenticated;
- believed trustworthy -- OK if a known-good is in the Received headers;
- believed-bad IPs -- recommend discarding.

I think a fourth category may be needed:  Unknown -- IPs that 
are untrusted, but not necessarily bad.

Otherwise, we risk falling into the mindset that anything not 
explicitly permitted is to be dropped.

Actually, that is EXACTLY the mindset that should be adopted.  If we don't
adopt this mindset we might as well trust everything by default like we have
for the past fifteen+ years.  Or is it twenty+ years?


Without a category for "unknown", we'll move quickly from "deployable in
stages with semi-painless transition" to "widespread breakage at time of
deployment, with no transition mechanism".

I view this as bad.  We must provide a means by which people can ease
into the use of MARID.  One such mechanism is the ability to define a
grey area between "absolutely accept" and "probably/absolutely reject".



-- 
Mark C. Langston                                    Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org                 mark(_at_)seti(_dot_)org
Systems & Network Admin                                SETI Institute
http://bitshift.org                               http://www.seti.org

