Home page logo
/

nanog logo nanog mailing list archives

Re: What do people use public suffix for?
From: Dave Crocker <dhc2 () dcrocker net>
Date: Fri, 19 Apr 2013 20:19:04 -0700

1. Explicitly marking an administrative boundary is not inherently a 'security' function, although properly authorizing and protecting the marking no doubt would be.

2. Defining a marking mechanism that is built into a security mechanism that is designed for other purposes is overloading functionality, as well as setting up a problematic critical dependency. That's not just asking for trouble, it's guaranteeing it.

3. Since you made reference to assumptions a couple of times: the goal here is an explicit marking mechanisms. No assumptions involved.

d/

On 4/19/2013 7:58 PM, Jimmy Hess wrote:
On 4/19/13, Dave Crocker <dhc2 () dcrocker net> wrote:
On 4/19/2013 4:33 PM, Jimmy Hess wrote:
[snip]
Absent a view that somehow says all metadata is a security function, I
don't see how the marking of administrative boundaries qualifies as a
security function.

The security function comes in immediately, when you consider any
actual uses for said kind of metadata.

The issues are alleviated only by assuming that an administrative
division always exists, unless you can show otherwise,   and showing
that the records are in the same zone is one way of showing otherwise.


When you come to rely on it, there are new security issues.

It becomes such that;   It   is perfectly safe to assume that there is
an administrative division when there is not

--
 Dave Crocker
 Brandenburg InternetWorking
 bbiw.net

--
 Dave Crocker
 Brandenburg InternetWorking
 bbiw.net


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]