At 18:45 27-09-2007, Paul Hoffman wrote:
The Security Considerations section for this document is much too
narrow. It ignores one of the main reasons that many organizations
purposely choose to provide recursive lookup to the public, namely
for their own roaming users. Without an open, known-good nameserver
at a fixed address, roaming users need to trust whatever is given to
them by their ISP at
The same question of trust is applicable to general users as well as
you pointed out in your comment about ISPs.
The Security Considerations section needs to deal with these issues,
even if they do not change the advice given in section 4.
Although this document does not create any new security issues for
the DNS protocol, it may be an issue for users of the service. A
note covering the points you raised could be added under security
considerations.
Regards,
-sm
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf