On 6/14/2020 5:53 PM, Paul Wouters wrote:
> On Sun, 14 Jun 2020, Michael StJohns wrote:
>
>> That said, I'd prefer it if the document selected a few (<=10) codes
>> from these ranges so that filtering may be built into
>> various servers and clients to prevent leakage.
>
> Then you would expect DNS libraries and recursive servers to treat the
> selected ones differently from the non-selected ones? That would only
> complicate things further. Now there is an unofficial difference in
> these unassigned names, "IETF handled" and "non-IETF handled".
>
> Paul

Hi Paul -

What I asked for was some algorithmic way of figuring out which of some
43 two letter pairs might illegitimately show up. I didn't specify
that anyone had to (now) implement a mechanism to filter them, just that
the possibility should exist to implement filtering if necessary. But
you've got a point - why not just include all 43?

AIRC we had a few painful years where "private" address space
occasionally leaked into the routing system - it was fortunate that
there were only a few legitimate private blocks and that they could be
filtered. 43 is probably "small enough".

Later, Mike

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop