On Thu, Jul 10, 2008 at 12:08 PM, Robert Elz <
kre at munnari.oz.au> wrote:
This is the kind of thing we might have expected to see in a security
considerations section 15-20 years ago, when the network was a nice kind
friendly environment, where all the players would take great care not
to do anything that might cause a problem.
Those days are long gone. Unfortunately were stuck with that infrastructure. Its good infrastructure - but not well policed - and insecure as hell because too many people built a system that assumed trust was the default value.
These days, if "the use of unsupported experimental code points" has the
"potential to disrupt the stable operation of the network" then that would
be something worthy of a CERT advisory and hasty code fixes by whatever
vendors are supplying the systems that would be disrupted.
Ya - I hear you - but this way its a good way to sell DNSSEC and put Verisign in charge of the DNS keys. No thank you. But its worth watching what happens.
(but of course, there's a "rule"
that says it must always be present, even when it is stupid, and obeying the
rules is, of course, far more important than producing quality documents...)
Yes - we are only human. Rules are good. That does not mean rules can not be questioned. And changes made by consensus.
cheers
joe baptista
