Re: [DNSOP] I-D Action: draft-vixie-dns-rpz-04.txt

ac <ac@main.me> Mon, 19 December 2016 05:06 UTC

Date: Mon, 19 Dec 2016 07:05:24 +0200
From: ac <ac@main.me>
To: "dnsop@ietf.org" <dnsop@ietf.org>
In-Reply-To: <em8c69a376-3e56-437d-8fe4-d70af6aa0e63@bodybag>
References: <20161218224231.GB16301@odin.ulthar.us> <em8c69a376-3e56-437d-8fe4-d70af6aa0e63@bodybag>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/D9miXXB1QaPSTNcKvVcS0Ffkc9Q>
Subject: Re: [DNSOP] I-D Action: draft-vixie-dns-rpz-04.txt
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

On Sun, 18 Dec 2016 23:45:34 +0000
"Adrien de Croy" <adrien@qbik.com> wrote:
>  > If the admin's goal is to block access to malicious sites, then
>  > they want to block the traffic, not falsify DNS.  If the goal is
>  > to warn users away from bad places, they can publish the list as a
>  > filter for end-system firewalls.
> That may be your view about how blocking should work, but a lot of 
> companies are using systems like OpenDNS who would beg to differ with 
> you.
> In terms of many of the metrics admins like such as simplicity, 
> effectiveness, cost etc, then spoofing DNS comes out very favourably.

DNS admins also have a fiduciary responsibility to their users.

Other services also have implied fiduciary responsibility, like email,
but DNS is a direct service - your user is asking you, right now, for a
fact, not a best guess. Your user is asking you: What are the
operators of my bank saying their IP number is?

While I am saying things that nobody is saying out loud (I may as
well continue down my own slippery slope...), DNS admins are
more important than other admins. DNS admins must be more sensitive to
their own ethics, their own truth.

When it is presented as "okay" or "normal" to create protocols for
telling lies, AND hiding those lies from their users, this is an indication
that a lack of understanding exists about how important it is to meet
the high trust expectations the world has on DNS.

Many arguments could be made why it is a good thing to "protect" users
by using DNS and many arguments could be made why using DNS is
completely wrong for this.

My objection to the continued publication of the subject matter in this draft is not that.

My objection is that it is simply not ethical.

It is simply not right.

Andre