Re: [DNSOP] adoption mechanics and disclaimers wrt dns-rpz

Paul Wouters <paul@nohats.ca> Mon, 20 March 2017 18:10 UTC

Date: Mon, 20 Mar 2017 14:10:32 -0400
From: Paul Wouters <paul@nohats.ca>
To: Paul Vixie <vixie@fsi.io>
cc: Warren Kumari <warren@kumari.net>, DNSOP <dnsop@ietf.org>
In-Reply-To: <6316017.BRF0sKMtdU@linux-hs2j>
Message-ID: <alpine.LRH.2.20.999.1703201355000.24328@bofh.nohats.ca>
References: <2232822.T0nP9Ksjf9@linux-hs2j> <CAHw9_i+q1BH25RLA=kZg7NB7re1GvAWVrOehzCDQi+U_USvovw@mail.gmail.com> <alpine.LRH.2.20.999.1703201139120.18647@bofh.nohats.ca> <6316017.BRF0sKMtdU@linux-hs2j>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/6XRy_LrSCFFMFi0SMqrglKcpwEM>
Subject: Re: [DNSOP] adoption mechanics and disclaimers wrt dns-rpz

On Mon, 20 Mar 2017, Paul Vixie wrote:

>> However, such a change of submission should not lead to any more
>> substantive delays in publication. If this is not possible, then I will
>> retract my objection to publishing this as a WG document, and would only
>> request the authors update the initial sentence of the abstract to say:
>>
>>  	This document describes an existing and widely deployed practice
>>  	for expressing and distributing DNS reply filters. This is
>>  	implemented using a DNS response policy inside a specially constructed
>>  	DNS zone, and for processing the contents of such response policy
>>  	zones (RPZ) inside recursive name servers.
>
> well, so, it's not a reply filter, but your language as to "existing and
> widely deployed" can be added.

The two changes are related for me. One is the warning about it being a
DNS answer modifier (whether you call it a filter, firewall, or censor
tool) and the other is that this modification practice is widespread
and better done with interoperability in mind.

Saying "expressing DNS response policy" might be pedantically more
correct, but is really obfuscating what this tool does, and I think the
abstract should really convey what this is all about.

Anyway, I said "request the authors". It is not a demand. I'm sure you
fully understand my opinion and concern by now. I'll leave it to you to
accommodate that with any or no textual modification.

Paul