[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-v6ops-scanning-implications WGLC

To: tjc@ecs.soton.ac.uk
Subject: Re: draft-ietf-v6ops-scanning-implications WGLC
From: Andrew Sullivan <andrew@ca.afilias.info>
Date: Thu, 11 Jan 2007 09:32:48 -0500
Cc: v6ops@ops.ietf.org
In-reply-to: <8D6E283C-8F2C-4801-95A0-D027267FF2F0@cisco.com>
References: <8D6E283C-8F2C-4801-95A0-D027267FF2F0@cisco.com>
Reply-to: Andrew Sullivan <andrew@ca.afilias.info>
User-agent: Mutt/1.5.9i

Hello,

On Thu, Jan 11, 2007 at 09:09:12AM +0100, Fred Baker wrote:
> Please read the draft at this time, noting spelling or wording issues  
> to the authors and substantive issues to the authors copying the list.

I have read the draft.  I have a small concern about a sentence in
section 3.4:

   It is also worth noting that the reverse DNS tree may also expose
   address information.

The way the section is worded, it sounds as though the draft is
recommending not to publish data in the reverse tree in order to
avoid this vector for attack.  If the paragraph were altered to read
as follows, the implication would not be there, I think:

   It is also worth noting that the reverse DNS tree may also expose
   address information.  Populating the reverse DNS tree for the
   entire subnet, even if not all addresses are actually used, may
   reduce that exposure.

Best regards,
Andrew Sullivan

-- 
----
Andrew Sullivan                         204-4141 Yonge Street
Afilias Canada                        Toronto, Ontario Canada
<andrew@ca.afilias.info>                              M2P 2A8
                                        +1 416 646 3304 x4110

References:
- draft-ietf-v6ops-scanning-implications WGLC
  - From: Fred Baker <fred@cisco.com>

Prev by Date: Re: about draft-ietf-v6ops-addr-select-req-00.txt
Next by Date: I-D ACTION:draft-ietf-v6ops-nap-06.txt
Previous by thread: draft-ietf-v6ops-scanning-implications WGLC
Next by thread: draft-ietf-v6ops-scanning-implications WGLC
Index(es):
- Date
- Thread