At 10:39 AM -0800 11/13/08, Andrew Sullivan wrote:
>On Thu, Nov 13, 2008 at 07:25:32PM +0100, Matthias Leisi wrote:
>> Can you please explain what this "fairly serious damage to the DNS
>> protocol" is?
>
>The message I posted from Olafur and me the other day is supposed to
>explain this already:
>
>http://www.ietf.org/mail-archive/web/ietf/current/msg53776.html
>
>For the impatient, one fundamental problem is that the current
>behaviour uses A records that do not contain host addresses, which is
>contrary to the definition of an A record.
>
>A

Andrew,

Thanks for the pointer. I had missed this technical comment in the crowd, and I think it is very important indeed. By re-using RRs with context-specific semantics, the proposal does serious harm to interoperability. Andrew and Olafur suggest one way around this (give a new RR for this use); there are others, but this one is both available and makes sense for this usage.

They note that it would take some time to get this deployed. I believe that the rate of update among DNS-based reputation services is somewhat higher than Andrew and Olafur seem to, but the change should go forward *whether this draft is standardized or not*. It's important for the interoperable understanding of the DNS namespace for this to occur (or one of the related methods, like using a class other than IN to occur).

regards,
Ted Hardie
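To make the interoperability point concrete, here is an added example (not code from the thread, the draft, or any DNSBL operator). It decodes A-record RDATA exactly as RFC 1035 defines it, a 4-octet host address, and shows that a record type alone cannot tell a consumer whether the value is an address to connect to or a result code. The constructed samples assume the common DNS-based reputation-list convention of carrying a code in the 127.0.0.0/8 range; the owner names and the "host-address" / "reputation-code" labels are this example's own.

```python
import ipaddress
from typing import NamedTuple, Tuple


class ARecord(NamedTuple):
    """One answer RR of type A: owner name plus the raw 4-octet RDATA."""
    owner: str
    rdata: bytes


def decode_a_rdata(rdata: bytes) -> ipaddress.IPv4Address:
    """Decode A RDATA per RFC 1035 section 3.4.1: exactly four octets,
    interpreted as an IPv4 host address. This is the only interpretation
    the protocol defines for type A."""
    if len(rdata) != 4:
        raise ValueError("A RDATA must be exactly 4 octets")
    return ipaddress.IPv4Address(rdata)


def protocol_conforming_target(rr: ARecord) -> str:
    """What a generic consumer (resolver library, application) does with an
    A record: hand the decoded address to the socket layer. It has no way
    of knowing the value was meant as anything else."""
    return str(decode_a_rdata(rr.rdata))


def classify_a_answer(rr: ARecord) -> str:
    """Heuristic an application must add on top of the protocol to guess
    whether the A record really carries a host address. Reputation lists
    conventionally return 127.0.0.0/8 values, which are loopback and can
    never be a remote host address. This knowledge lives in the application,
    not in the record type, which is exactly the interoperability hazard:
    any consumer without this out-of-band convention misreads the answer."""
    addr = decode_a_rdata(rr.rdata)
    if addr.is_loopback:
        return "reputation-code"
    return "host-address"


def reputation_code(rr: ARecord) -> Tuple[int, int, int]:
    """Extract the low three octets of a loopback-range answer. What a given
    tuple means is list-specific (assumption: the list documents its codes);
    nothing in the DNS protocol defines it."""
    addr = decode_a_rdata(rr.rdata)
    if not addr.is_loopback:
        raise ValueError("not a reputation-list style answer")
    return tuple(addr.packed[1:])


# Constructed sample answers (documentation-range and loopback-range values,
# not real hosts or real list entries).
SAMPLES = [
    ARecord("www.example.net.", bytes([192, 0, 2, 10])),
    ARecord("2.0.0.127.list.example.", bytes([127, 0, 0, 2])),
]


def describe_all(samples=SAMPLES):
    """Return (owner, what-the-protocol-says, what-the-app-guesses) rows."""
    return [
        (rr.owner, protocol_conforming_target(rr), classify_a_answer(rr))
        for rr in samples
    ]


if __name__ == "__main__":
    for owner, target, kind in describe_all():
        print(f"{owner:28} protocol sees address {target:12} application guesses {kind}")
```

The second sample is what Andrew's message calls an A record that does not contain a host address: a conforming consumer would treat 127.0.0.2 as an address (its own loopback), and only a consumer carrying the reputation-list convention as extra, out-of-band knowledge recovers the intended code. A dedicated RR type, as suggested in the quoted message, would let the record type itself carry that distinction.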