
Re: axfr-clarify supporting unauthorized users



[ post by non-subscriber.  with the massive amount of spam, it is easy to miss
  and therefore delete posts by non-subscribers.  your subscription address is
  54830374684695-namedroppers@sublist.cr.yp.to, please post from it or, if you
  wish to regularly post from an address that is not subscribed to this
  mailing list, send a message to namedroppers-owner@ops.ietf.org and ask to
  have the alternate address added to the list of addresses from which
  submissions are automatically accepted. ]

Greg Hudson writes:
> at the DNS level, it's not a message

Irrelevant. The word ``message'' doesn't appear in the text we're
discussing. Anyway, the server hasn't authorized you to ask for AXFR in
the first place, so you have no right to demand a response. Go away.

> Your original argument was that mandating an error message for a
> refused AXFR was not necessary for interoperability at all.  If that
> were true, then virtually all IETF protocols would be violating RFC
> 2119 by mandating separate error codes for separate failure conditions.

You are massively confused. There is a huge difference between saying
``you must _not_ send this packet if you are _not_ in this situation''
and saying ``you must send this packet if you are in this situation.''

Trivial example: A 5yz response to SMTP VRFY means that the server won't
accept mail for that address. Facts:

   (1) It is crucial for interoperability that servers _not_ say 5yz if
       they are _not_ in this situation. Otherwise some clients will
       fail to deliver mail to that address.

   (2) There is absolutely no requirement for servers to say 5yz if they
       _are_ in this situation; and, in fact, most servers instead say
       252, deliberately hiding information from the client. This has no
       effect on interoperability.

Do you understand the difference between #1 and #2? Do you understand
why #1 is an interoperability issue and #2 isn't?

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago
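
The asymmetry between facts (1) and (2) above, modelled as an added example that is not part of the original message. The mailbox names, the three server policies and the VRFY-first client are constructed assumptions; the reply codes 250, 252 and 550 are the standard SMTP ones.

```python
# Added illustration: a toy model of VRFY policies, not code from the thread.
VALID = {"alice", "bob"}              # constructed: mailboxes the server accepts
USERS = ["alice", "bob", "mallory"]   # constructed: addresses a client tries

def vrfy_honest(user):
    # Tells the truth both ways: 250 if deliverable, 550 if not.
    return 250 if user in VALID else 550

def vrfy_hiding(user):
    # Fact (2): declines to say 5yz even when it could.
    # 252 = "Cannot VRFY user, but will accept message and attempt delivery".
    return 252

def vrfy_false_5yz(user):
    # Violates fact (1): says 5yz for addresses it does accept mail for.
    return 550

def rcpt(user):
    # The server's real decision when the message is actually offered.
    return 250 if user in VALID else 550

def client_delivers(vrfy, user):
    """Client that issues VRFY first and gives up on any 5yz reply."""
    if 500 <= vrfy(user) <= 599:
        return False                  # trusts the permanent failure
    return rcpt(user) == 250

def lost_mail(vrfy, users):
    """Deliverable addresses that the client nevertheless failed to reach."""
    return sorted(u for u in users
                  if u in VALID and not client_delivers(vrfy, u))

def accepted_for_invalid(vrfy, users):
    """Undeliverable addresses the client wrongly managed to deliver to."""
    return sorted(u for u in users
                  if u not in VALID and client_delivers(vrfy, u))

if __name__ == "__main__":
    for policy in (vrfy_honest, vrfy_hiding, vrfy_false_5yz):
        print(policy.__name__, "lost:", lost_mail(policy, USERS))
```

Only the policy that sends 5yz when it is not in the 5yz situation loses mail; the policy that withholds 5yz delivers exactly what the honest one does.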


