Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz

Scott Schmit <i.grok@comcast.net> Thu, 29 December 2016 04:06 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TlGJ0ksszG4wnce0fAR3mzssvYI>

On Tue, Dec 20, 2016 at 04:35:48PM +0000, Ray Bellis wrote:
> On 20/12/2016 16:33, Paul Hoffman wrote:
> > Counter-question: of what value is documenting this current practice?
> > Anyone who is already using it can find the documentation for it from
> > their software vendor. There is nothing here that really affects the
> > rest of the DNS other than "there will be lies".
> 
> The document primarily covers BIND's behaviour.
> 
> It would be good if other implementations were completely compatible
> with that

Why?  How does this help the "good guys" (define that as you wish)?

I'm seeing how it really helps governments cheaply create and enforce
the creation of national internets -- especially with the walled garden
features.  Are those the good guys to you, or are there other benefits?

I'm also seeing how, if hijacked, the walled garden feature makes it
trivial to distribute malware to large numbers of users.

> and this also forms the baseline for potential future
> enhancements which could be under IETF change control.

If this is being submitted to the WG, this document will already be
under IETF & WG change control.  If that's not the intent, then the
document should not be adopted.

-- 
Scott Schmit