[162484] in North American Network Operators' Group


Re: What do people use public suffix for?

daemon@ATHENA.MIT.EDU (Dave Crocker)
Fri Apr 19 23:19:23 2013

Date: Fri, 19 Apr 2013 20:19:04 -0700
From: Dave Crocker <dhc2@dcrocker.net>
To: Jimmy Hess <mysidia@gmail.com>
In-Reply-To: <CAAAwwbWmGEeYEVF5mqS3HzU81VgKXF8eYE+CR8pXcM0XCrE7sw@mail.gmail.com>
Cc: NANOG <nanog@nanog.org>
Reply-To: dcrocker@bbiw.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

1. Explicitly marking an administrative boundary is not inherently a 
'security' function, although properly authorizing and protecting the 
marking no doubt would be.

2. Defining a marking mechanism that is built into a security mechanism 
that is designed for other purposes is overloading functionality, as 
well as setting up a problematic critical dependency.  That's not just 
asking for trouble, it's guaranteeing it.

3. Since you made reference to assumptions a couple of times: the goal 
here is an explicit marking mechanism.  No assumptions involved.

d/

On 4/19/2013 7:58 PM, Jimmy Hess wrote:
> On 4/19/13, Dave Crocker <dhc2@dcrocker.net> wrote:
>> On 4/19/2013 4:33 PM, Jimmy Hess wrote:
> [snip]
>> Absent a view that somehow says all metadata is a security function, I
>> don't see how the marking of administrative boundaries qualifies as a
>> security function.
>
> The security function comes in immediately, when you consider any
> actual uses for said kind of metadata.
>
> The issues are alleviated only by assuming that an administrative
> division always exists, unless you can show otherwise, and showing
> that the records are in the same zone is one way of showing otherwise.
>
>
> When you come to rely on it, there are new security issues.
>
> It becomes such that; It is perfectly safe to assume that there is
> an administrative division when there is not

-- 
  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net


