Hoi John,
thanks for your comments.
On Fri, Feb 27, 2004 at 02:48:41PM -0500, John Leslie wrote:
> This proposal depends on the authenticity of the in-addr.arpa
> delegations; thus poorly-maintained regions of in-addr.arpa will
> necessarily authorize too much or too little. Further discussion of
> how to determine which regions are well-maintained will be needed,
> although clearly that can be a local decision.
How well a region is maintained will be evident very fast, at least
if you see a lot of "mta=yes" records from hosts that shouldn't have
them.
> I would suggest the possibility of specifying a similar mechanism
> not under in-addr.arpa -- but instead under the domain records of
> any domain one might wish to trust -- showing whether that region of
> in-addr.arpa is considered well-maintained and trustworthy.
The naming mechanism can easily be adopted for black/white-listing. All
you have to do is change the "tld" from in-addr.arpa (or ip6.arpa)
to whatever you want.
A few comments we received were about wildcards not being possible.
This is not a big issue as we (the authors) see it. /If/ this proposal
is deployed the important records will be "mta=yes" records, and
the number of these records will/should be small and not being able
to whitelist e.g. a whole /24 with one record might even be an
advantage ;-))
\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"