Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz

Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 13 March 2017 20:28 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/UDmhyCxPSG3oispHasBODp5m3jA>

On Sun, Mar 12, 2017 at 04:38:20PM -0700, Dave Crocker wrote:

> On 3/12/2017 4:23 PM, Paul Wouters wrote:
> > I do not want to adopt it unmodified
> > as informational RFC for running existing code.
> 
> You do not want the IETF to document existing practice?

In general, yes.  However, in this case more is perhaps at stake
than documenting existing practice.  Whether we like it or not,
publication of said existing practice by the IETF will be seen as
an endorsement of that practice.  And, while the present RPZ provides
useful operational controls, there is real potential for mandated
abuse or collateral damage.

> Really?

Therefore, yes, really, it may be best to not document current
practice, and instead create a document that reduces the potential
for abuse and/or collateral damage.

If we're sending rockets up, we should care where they come down.

-- 
	Viktor.