--On Monday, 07 July, 2008 10:30 +1000 Mark Andrews
<Mark_Andrews@xxxxxxx> wrote:
>...
> If / when MIT stop using ai.mit.edu, "user@ai" will not longer
> mean user@xxxxxxxxxxx This will mean that any configuration
> file that has "user@ai" will now, suddenly, get a different
> meaning. This is a latent security issue.
Mark,
While I'm basically sympathetic to the position you are taking
on this, we have recommended for years and years (since the CS.
incident, if not earlier), that things like configuration files
use FQDNs and only FQDNs. SMTP imposes the same requirement on
addresses in MAIL and RCPT commands.
If user@ai is in a config file with the intent of identifying
user@xxxxxxxxxx then the config file is broken. Conversely,
if the config file format is intended to permit references to
TLDs, I would hope that it would be possible to write "ai." if
the TLD were intended.
Personally, I'm very concerned about what users type and what
happens after that. For configuration files and the like, I
believe that we have a case of bad design if the interpretation
of the configuration is dependent on things outside the scope of
that file and, in particular, if there is a dependency on DNS
search procedures rather than one explicit FQDNs.
Quoting from your comment about Firefox, "Two wrongs don't make
a right. They just make two things that need to be fixed."
john
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf