What do people use public suffix for?

Dave Crocker dhc2 at dcrocker.net
Sat Apr 20 03:19:04 UTC 2013


1. Explicitly marking an administrative boundary is not inherently a 
'security' function, although properly authorizing and protecting the 
marking no doubt would be.

2. Defining a marking mechanism that is built into a security mechanism 
that is designed for other purposes is overloading functionality, as 
well as setting up a problematic critical dependency.  That's not just 
asking for trouble, it's guaranteeing it.

3. Since you made reference to assumptions a couple of times: the goal 
here is an explicit marking mechanism.  No assumptions involved.

d/

On 4/19/2013 7:58 PM, Jimmy Hess wrote:
> On 4/19/13, Dave Crocker <dhc2 at dcrocker.net> wrote:
>> On 4/19/2013 4:33 PM, Jimmy Hess wrote:
> [snip]
>> Absent a view that somehow says all metadata is a security function, I
>> don't see how the marking of administrative boundaries qualifies as a
>> security function.
>
> The security function comes in immediately, when you consider any
> actual uses for said kind of metadata.
>
> The issues are alleviated only by assuming that an administrative
> division always exists, unless you can show otherwise, and showing
> that the records are in the same zone is one way of showing otherwise.
>
>
> When you come to rely on it, there are new security issues.
>
> It becomes such that; it is perfectly safe to assume that there is
> an administrative division when there is not

-- 
  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net





More information about the NANOG mailing list