So the "problem" isn't whether some string not listed in 2606
can be allocated, it is how it is used after it is allocated.
And _that_ situation has a lot more to do about "buyer beware"
and understanding of conflicting expectations about use than it
does about ownership.
john
I really wish it was *just* "buyer beware". If http://museum/
only works for some clients and not other then there really
isn't a problem. By "works" here I mean connects to
83.145.59.103 or nowhere.
The problem is that it isn't just "buyer beware". If the
buyer adds any records are looked up by search mechanisms
as a part on normal application activity, A, AAAA and MX
are simple examples, then *ALL* the users of the Internet
need to be aware that they are there.
This is a security problem, not a buyer beware problem.
This is a namespace clash and namespace clashes are bad for
many reasons.
Now as far as I can see there are two solutions which attack
the problem from different ends.
1. ban the adding of any records which meet the above criteria.
2. rewrite resolvers to not lookup single labels against the
root.
Note banning would have to be described is a manner that
didn't preclude the negative advertisement of a service.
It would also have to be writen to exclude records that a
looked up with a prefix added.
Also what is the penalty for adding banned records?
Mark
; <<>> DiG 9.3.4-P1 <<>> museum
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61108
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0
;; QUESTION SECTION:
;museum. IN A
;; ANSWER SECTION:
museum. 86034 IN A 83.145.59.103
;; AUTHORITY SECTION:
museum. 22099 IN NS ns-ext.vix.com.
museum. 22099 IN NS ns1.getty.edu.
museum. 22099 IN NS nic.icom.org.
museum. 22099 IN NS ns.icann.org.
museum. 22099 IN NS nic.museum.
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jul 5 08:22:30 2008
;; MSG SIZE rcvd: 162
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews(_at_)isc(_dot_)org
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf