From: "Howard, Lee"
To: "krb5-bugs@mit.edu"
Date: Wed, 12 Nov 2014 12:24:49 -0500
Subject: Documentation__Principal names and DNS

I presented today at the DNSOP WG about reverse DNS, and how it's used. The context is that in IPv6, it is hard for ISPs to populate PTRs. So, is it worth the effort?
see draft-howard-isp-ip6rdns

Someone said, "SSH using PTRs for security is stupid" and there was thunderous applause. I'm following up on the DNSOP mailing list to confirm, but there seems to be consensus that the default behavior of rejecting an SSH connection because a PTR record is missing is stupid.

So, what would it take to change the default behavior from rdns = true to rdns = false?

Thanks,
Lee