[mm] How is DNSSEC

Ben Laurie ben at links.org
Sat Mar 22 17:44:37 EDT 2008


bmanning at vacation.karoshi.com wrote:
> On Sat, Mar 22, 2008 at 03:52:49PM +0000, Ben Laurie wrote:
>> bmanning at vacation.karoshi.com wrote:
>>> On Sat, Mar 22, 2008 at 02:46:40PM +0000, Ben Laurie wrote:
>>>> bmanning at vacation.karoshi.com wrote:
>>>>> 	Er... Allow me the option of disbelieving your assertion.
>>>>> 	PTR records can and do point to multiple names.  Some narrow
>>>>> 	implementations have assumed that there will only be a single
>>>>> 	data element and this myth - that PTRs only point to a single
>>>>> 	name - is and has been spread widely.
>>>> You can disbelieve my assertion if you wish, but I am only quoting the 
>>>> RFC. RFC 1035, to be precise:
>>>>
>>>> "Address nodes are used to hold pointers to primary host names
>>>> in the normal domain space."
>>>>
>>>> (section 3.5. IN-ADDR.ARPA domain). So, the "myth" is in the scripture.
>>>
>>> 	ah... open to interpretation.  what is a "primary" host name?
>> RFC 1035 does not say, in the case of hosts, but the intent is quite 
>> clear from the text on gateways:
>>
>> "Gateways will often have two names in separate domains, only one of 
>> which can be primary."
> 
> 
> 	the intent for gateways...  hosts w/ multiple IP's (VMware etc)
> 	are not gateways.  comparing oranges w/ dragonfruits.

If you insist on language lawyering, I can play.

I'd say it is clear from:

a) The lack of a repeated PTR record for a host IP in the example,

b) The use of the word 'primary',

c) The fact that the authors felt it necessary to explain what they saw 
as an exceptional case, i.e. that a gateway could have two names

that in the case of hosts, the authors expected there to only be a 
single PTR record for reverse lookup.

Of course, we have the power to change RFCs. But there's a process for that.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


