Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz

"Paul Hoffman" <paul.hoffman@vpnc.org> Tue, 20 December 2016 16:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/U8BaeifFuXz_-yYT33UnWy3k3fA>

On 20 Dec 2016, at 7:16, tjw ietf wrote:

> Please review this draft to see if you think it is suitable for
> adoption by DNSOP, and comments to the list, clearly stating your view.

The draft itself is really not suitable for adoption by the WG. Just 
slapping "Informational" on the document is insufficient for preventing 
a lot of wasted effort by the WG in removing the parts of the document 
that promote the practices described.

If this is really just documenting current practice, then the document 
needs to be pared down significantly, and I strongly suspect the authors 
will not want to do that. They believe (as do many others) that the 
practices in this document are good for the Internet and good for the 
DNS. That's fine, and the fact that it has been implemented in a bunch 
of places shows that there is a community of active interest for 
promoting the idea.

Some here have argued that the protocol makes poor design choices, and 
some here have argued that the IETF publishing the protocol (even if it 
was stripped of suggesting it is a good idea) will give the wrong 
impression. As this WG has already seen, this is a recipe for lots of 
wasted time in the WG and a document at the end that makes no one happy.

Counter-question: of what value is documenting this current practice? 
Anyone who is already using it can find the documentation for it from 
their software vendor. There is nothing here that really affects the 
rest of the DNS other than "there will be lies".

--Paul Hoffman