IETF Logo Mail Archive

Re: [DNSOP] adoption mechanics and disclaimers wrt dns-rpz

Paul Vixie <vixie@fsi.io> Mon, 20 March 2017 17:11 UTC

Return-Path: <vixie@fsi.io>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6841513152F for <dnsop@ietfa.amsl.com>; Mon, 20 Mar 2017 10:11:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fsi.io
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s6tuWY6AdsMv for <dnsop@ietfa.amsl.com>; Mon, 20 Mar 2017 10:11:44 -0700 (PDT)
Received: from hq.fsi.io (hq.fsi.io [104.244.13.96]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEA98131514 for <dnsop@ietf.org>; Mon, 20 Mar 2017 10:11:16 -0700 (PDT)
Received: from localhost (ip6-localhost [IPv6:::1]) by hq.fsi.io (Postfix) with ESMTP id 575AD824C0B; Mon, 20 Mar 2017 17:11:16 +0000 (UTC)
Received: from hq.fsi.io ([IPv6:::1]) by localhost (hq.fsi.io [IPv6:::1]) (amavisd-new, port 10032) with ESMTP id o2HoO_BxRT23; Mon, 20 Mar 2017 17:11:13 +0000 (UTC)
Received: from localhost (ip6-localhost [IPv6:::1]) by hq.fsi.io (Postfix) with ESMTP id CCFE7824C14; Mon, 20 Mar 2017 17:11:13 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.9.0 hq.fsi.io CCFE7824C14
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fsi.io; s=9DB368E8-E20A-11E2-82F0-24FC3FFE5E89; t=1490029873; bh=3eaICv1HJhCUNC7eXpeb2brVu9fO3CwC4f3lQlzunv4=; h=From:To:Subject:Date:Message-ID:MIME-Version: Content-Transfer-Encoding:Content-Type; b=XYrZwpXSLMoJyIOacRihtkxv3R2S2MG9KSoRFkraUl4UrRU0C6pZQT6TD40MLfABp ItavXOVE34RJFJYrVHthfWaCkYyNb6pQiO7aCrmfB9hD2JNfsDUzyrSbvcHH2hdlZr 3AVqVgQ/9DMdnUVz3vO9zi//0WzprvKShEyjbv44=
X-Virus-Scanned: amavisd-new at fsi.io
Received: from hq.fsi.io ([IPv6:::1]) by localhost (hq.fsi.io [IPv6:::1]) (amavisd-new, port 10026) with ESMTP id Qg4DgrzrSVru; Mon, 20 Mar 2017 17:11:13 +0000 (UTC)
Received: from linux-hs2j.localnet (dhcp-148.access.lah1.vix.su [24.104.150.148]) by hq.fsi.io (Postfix) with ESMTPSA id 94D8382483E; Mon, 20 Mar 2017 17:11:13 +0000 (UTC)
From: Paul Vixie <vixie@fsi.io>
To: Paul Wouters <paul@nohats.ca>
Cc: Warren Kumari <warren@kumari.net>, DNSOP <dnsop@ietf.org>
Date: Mon, 20 Mar 2017 17:11:12 +0000
Message-ID: <6316017.BRF0sKMtdU@linux-hs2j>
Organization: Farsight Security, Inc.
In-Reply-To: <alpine.LRH.2.20.999.1703201139120.18647@bofh.nohats.ca>
References: <2232822.T0nP9Ksjf9@linux-hs2j> <CAHw9_i+q1BH25RLA=kZg7NB7re1GvAWVrOehzCDQi+U_USvovw@mail.gmail.com> <alpine.LRH.2.20.999.1703201139120.18647@bofh.nohats.ca>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/YL33GWa_DNC1TH_sthGvnYAYnTg>
Subject: Re: [DNSOP] adoption mechanics and disclaimers wrt dns-rpz
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Mar 2017 17:11:46 -0000

On Monday, March 20, 2017 4:00:23 PM GMT Paul Wouters wrote:
> On Mon, 20 Mar 2017, Warren Kumari wrote:
> > Authors (and DNSOP),
> > 
> > It appears that this may have been a process violation here - RFC5378
> > Section 3.3. Right to Produce Derivative Works seems to say that the
> > IETF needs change control before a WG can formally adopt a document. I
> > believe that we missed the fact that this included "non-standard"
> > copyright boilerplate.
> > 
> > I / we are still investigating, and would appreciate it if the WG
> > gives us some time to figure this out.
> 
> I'm not a process expert, but I would think that this document is best
> resubmitted as individual RFC (with boilerplate updated to reflect this),
> and then immediately placed into a "Final Review" as specified in Section
> 4.7 of RFC 4846. The RFC-Editor should be informed that this document
> has passed the technical review already in dnsops and that dnsops is in
> favour of publication as individual rfc documenting as it describes a
> valuable current used practise, so the document should proceed without
> modifications to the specified protocol.
> 
> This also would address my issue of the WG adopting something it cannot
> really change that could be abused for nationstate-level censorship.

if that's what has to be done, the authors will do it.

> However, such a change of submission should not lead to any more
> substantive delays in publication. If this is not possible, then I will
> retract my objection to publishing this as a WG document, and would only
> request the authors update the initial sentence of the abstract to say:
> 
>  	This document describes an existing and widely deployed practise
>  	for expressing and distributing DNS reply filters. This is
>  	implemented using a DNS response policy inside a specially constructed
>  	DNS zone, and for processing the contents of such response policy
>  	zones (RPZ) inside recursive name servers.

well, so, it's not a reply filter, but your language as to "existing and 
widely deployed" can be added.

vixie

v2.23.0 | Report a Bug | By Email