To me this is fraud and unfair trade practice in addition to being
a security threat
I agree but I believe it may be difficult to have a rough consensus
on this one.
if we can't, that's a sad commentary on the state of IETF competence.
The RFC 4084 approach (naming things, in a standard way, so that
users can at least choose) may be better. Do note that, in some cases
I know about (such as Club Internet, the T-online subsidiary in
France), the ISP provides a set of normal name servers to the users
who want, so they can claim that the user has a choice.
giving the user a choice is of little value when the user is actively
lied to about the consequence of that choice. I'll bet they're not
asking users "do you want our DNS servers to lie to your applications?"
Another approach, not incompatible with this one, would be indeed to
produce a "Wildcards in DNS *resolvers* considered harmful" RFC.
unfortunately, the practice doesn't seem to be limited to just putting
in wildcard A records, so focusing attention on wildcards might miss the
mark.
Keith
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf