Hoi John,

thanks for your comments.

On Fri, Feb 27, 2004 at 02:48:41PM -0500, John Leslie wrote:
> This proposal depends on the authenticity of the in-addr.arpa
> delegations; thus poorly-maintained regions of in-addr.arpa will
> necessarily authorize too much or too little. Further discussion of
> how to determine which regions are well-maintained will be needed,
> although clearly that can be a local decision.

How well a region is maintained will be evident very fast, at least
if you see a lot of "mta=yes" records from hosts that shouldn't have
them.

> I would suggest the possibility of specifying a similar mechanism
> not under in-addr.arpa -- but instead under the domain records of
> any domain one might wish to trust -- showing whether that region of
> in-addr.arpa is considered well-maintained and trustworthy.

The naming mechanism can easily be adopted for black/white-listing.
All you have to do is change the "tld" from in-addr.arpa (or ip6.arpa)
to whatever you want.

A few comments we received were about wildcards not being possible.
This is not a big issue as we (the authors) see it. /If/ this proposal
is deployed the important records will be "mta=yes" records, and the
number of these records will/should be small and not being able to
whitelist e.g. a whole /24 with one record might even be an
advantage ;-))

	\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"