
Date: Mon, 10 Jul 2006 23:40:02 -0400
From: Steven M. Bellovin

[ snipping points to which I'm not responding ]

> The third is that not all the world is a web site.

Indeed, different apps have different requirements. SRV-ish granularity
would be useful.

Eddy

(Note that I've not examined OpenDNS's offering, so I'm _not_ pretending
to comment on what they do.)

Let's quit looking at overly-simplistic correction mechanisms. Do spell
checkers force autocorrection with only a single choice per misspelled
word?

Return an A RR that points to a <correction service>-controlled system. Said
system examines HTTP "Host" header, then returns a page listing multiple
possibilities.

"The site you specified does not exist. Here is a list of sites that
you may be trying to access: ..."

I'm generally ignoring other protocols to limit the discussion scope.
However, one can see how SMTP and FTP might be similarly handled. (IMHO
not as good as a SRV-ish system that could return NXDOMAIN per service,
but actually somewhat usable today.)

Eddy

Edward B. DREGER wrote:

> I'm generally ignoring other protocols to limit the discussion scope.
> However, one can see how SMTP and FTP might be similarly handled. (IMHO
> not as good as a SRV-ish system that could return NXDOMAIN per service,
> but actually somewhat usable today.)

No, you should not. The other important things that come into my mind
are

mail

Thus spake "Edward B. DREGER" <eddy+public+spam@noc.everquick.net>

> (Note that I've not examined OpenDNS's offering, so I'm _not_ pretending
> to comment on what they do.)
>
> Let's quit looking at overly-simplistic correction mechanisms. Do spell
> checkers force autocorrection with only a single choice per misspelled
> word?

Ever used Word or Outlook? They annoyingly "fix" words as you type
without offering multiple choices or even alerting the user that they're doing
it. I've learned to re-read what I write several times now because I've been
burned too many times by jargon being "corrected" to unrelated "real"
words -- but I type "teh" and similar things often enough I can't afford to
turn the feature off. (And my employer requires me to use those apps, so
all you anti-MS folks please sit back down.)

OpenDNS's typo-fixing service can supposedly be turned off, but I don't see
how that would work when you have multiple users behind a NAT or a recursive server. There also may be hidden problems if an ISP pushes all
of their users onto this service and the users have no clue they've been
"opted in" or how to opt back out (and we all know how well "opt out"
systems work for email in general).

> Return an A RR that points to a <correction service>-controlled system. Said
> system examines HTTP "Host" header, then returns a page listing multiple
> possibilities.
>
> "The site you specified does not exist. Here is a list of sites that
> you may be trying to access: ..."

And that solves most of my objections, at least for HTTP. It still breaks a
lot of other protocols.

> I'm generally ignoring other protocols to limit the discussion scope.
> However, one can see how SMTP and FTP might be similarly handled.
> (IMHO not as good as a SRV-ish system that could return NXDOMAIN
> per service, but actually somewhat usable today.)

If web browsers consulted SRV records instead of blindly connecting to the
A, that would appear to solve everything: NXDOMAIN for the A but the HTTP
SRV could point to the typo-correction server. I'd not be inclined to argue
with such a setup, but it requires a refresh of every browser out there, so
it's not realistic.

S

Stephen Sprunk
CCIE #3723
K5SSS

"Stupid people surround themselves with smart people. Smart people
surround themselves with smart people who disagree with them."
--Aaron Sorkin

Date: Fri, 14 Jul 2006 13:38:31 -0500
From: Stephen Sprunk

> Ever used Word or Outlook? They annoyingly "fix" words as you type without
> offering multiple choices or even alerting the user that they're doing it.

Yes. One of the first "features" that I shut off.

> OpenDNS's typo-fixing service can supposedly be turned off, but I don't see
> how that would work when you have multiple users behind a NAT or a recursive
> server. There also may be hidden problems if an ISP pushes all of their
> users onto this service and the users have no clue they've been "opted in"
> or how to opt back out (and we all know how well "opt out" systems work for
> email in general).

*nod*

> And that solves most of my objections, at least for HTTP. It still breaks a
> lot of other protocols.

...which still poses problems that should not be ignored. I forked a
subset of the main discussion in hopes of better idea organization.
Other protocols should indeed be considered.

It's a question of protocol-specific proxying when [at least for now]
DNS returns protocol-agnostic answers.

As a side note, I wonder how many users would notice a typo-intercepted
HTTPS site and associated invalid/bogus certificate. I'm afraid the
number would be rather low.

> If web browsers consulted SRV records instead of blindly connecting to the
> A, that would appear to solve everything: NXDOMAIN for the A but the HTTP
> SRV could point to the typo-correction server. I'd not be inclined to argue
> with such a setup, but it requires a refresh of every browser out there, so
> it's not realistic.

Agreed re the short term. However, SRV records have other uses -- why
should MXes get all the special treatment? -- so I'm trying to put
another tally in the "[potential] reasons to use SRV" column. Perhaps
if the ball began rolling...

Eddy
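
The Host-header mechanism discussed in this thread, sketched as an added example that is not part of any poster's message or of OpenDNS's service: the system behind the rewritten A record reads the HTTP "Host" header and lists several candidates, and has nothing to offer a client that is not speaking HTTP. The names `KNOWN_SITES`, `parse_host`, `suggest` and `respond` and the sample domains are assumptions made for illustration.

```python
import difflib
import html

# Constructed sample data: names the hypothetical correction service knows exist.
KNOWN_SITES = ["example.com", "example.net", "example.org", "examples.test"]


def parse_host(raw: bytes):
    """Return the Host header (lower-cased, port removed) of an HTTP/1.x request, else None."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # not HTTP: an SMTP or FTP client followed the same A record
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip().lower().partition(":")[0] or None
    return None


def suggest(host, known=KNOWN_SITES, limit=3):
    """Offer several near matches, best first, instead of forcing one correction."""
    return difflib.get_close_matches(host, known, n=limit, cutoff=0.7)


def respond(raw: bytes) -> bytes:
    """Build the 'does not exist' page; empty bytes when the client is not speaking HTTP."""
    host = parse_host(raw)
    if host is None:
        return b""
    # The Host value is client-controlled input, so escape it before echoing it.
    items = "".join(f"<li>{html.escape(s)}</li>" for s in suggest(host))
    body = (f"<p>The site you specified ({html.escape(host)}) does not exist. "
            f"Here is a list of sites that you may be trying to access:</p>"
            f"<ul>{items}</ul>").encode()
    head = ("HTTP/1.1 404 Not Found\r\nContent-Type: text/html; charset=utf-8\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n").encode()
    return head + body


if __name__ == "__main__":
    print(respond(b"GET / HTTP/1.1\r\nHost: exmaple.com\r\n\r\n").decode())
    print(repr(respond(b"EHLO mail.exmaple.com\r\n")))  # SMTP client: no page possible
```

The 404 status keeps crawlers and scripts from treating the suggestion page as the real site; the empty reply to the SMTP greeting is the "breaks other protocols" case raised in the thread.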