Re: [dnsext] Re: need new flag bit in EDNS, "do me no favours" (DMNF)

Alex Bligh <alex@alex.org.uk> Tue, 26 October 2010 06:55 UTC

Date: Tue, 26 Oct 2010 07:49:27 +0100
From: Alex Bligh <alex@alex.org.uk>
Reply-To: Alex Bligh <alex@alex.org.uk>
To: Paul Vixie <vixie@isc.org>, namedroppers@ops.ietf.org
cc: Alex Bligh <alex@alex.org.uk>
Subject: Re: [dnsext] Re: need new flag bit in EDNS, "do me no favours" (DMNF)
Message-ID: <3C1A3EC0049E38D6ECFA0533@nimrod.local>
In-Reply-To: <72674.1288058394@nsa.vix.com>
References: <59023.1287939121@nsa.vix.com> <20101025094523.GA5187@nic.fr> <41281.1288025835@nsa.vix.com> <20101025233215.4A495606495@drugs.dv.isc.org> <72674.1288058394@nsa.vix.com>

--On 26 October 2010 01:59:54 +0000 Paul Vixie <vixie@isc.org> wrote:

> am i on the wrong track according to those (three) who have +1'd this so
> far?

I am not convinced this is going to solve the problem, but I think it's
worth our time reviewing. I will review if that is helpful.

One potential problem is this: we might all want the bitfield to be
"don't be evil", but in practice it's per the draft title "do not futz".
I suspect some futzing may be not only non-evil but necessary (or the
lesser of two evils). I /think/ WiFi hotspots no longer futz with
DNS to get users online (they intercept port 80), so that's not
a problem. However, I know that in the UK (and other places) it's
all-but-a-legal-requirement for consumer ISPs to block certain
web content (in the UK child porn), and anyone sane does this partly
at the DNS level. If I'm an SP I probably won't respect an "ignore
legal requirements" bit whereas I might respect a "no advertising"
bit; if I'm a user in $regime I may not want to set a DMNF bit
if that actually means "be targeted by security forces". My worry is
that the bits may end up attempting to encode policy rather than
protocol.

-- 
Alex Bligh