Re: [DNSOP] I-D Action: draft-vixie-dns-rpz-04.txt

ac <ac@main.me> Tue, 20 December 2016 06:41 UTC

Date: Tue, 20 Dec 2016 08:40:57 +0200
From: ac <ac@main.me>
To: Evan Hunt <each@isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/bTK3V4gVyNJGMBLYLoE68_pcHnQ>
Cc: dnsop@ietf.org

On Tue, 20 Dec 2016 06:12:42 +0000
Evan Hunt <each@isc.org> wrote:
> On Tue, Dec 20, 2016 at 07:30:43AM +0200, ac wrote:
> > You are quite correct, but the minute you answer questions for other
> > people the entire situation changes. 
> Not if they've contracted with me to answer their questions in a way
> that protects them from malware, it doesn't.
> 
ianal, my reply and opposition to the publication of the draft is that it is not ethical.

> > To rip the dam from underneath the duck: You cannot legally resolve
> > a non google IP number as "google.com" just because your t&c says
> > you can do whatever you want.
> If google.com is known to be sending malware or spam or other
> undesirable content (which it isn't), then of course I can.  Or,
> instead of remapping the answer, I can return NXDOMAIN.  This would

I do not see any problems with that, as you are not providing an actual answer.

> not be theft; it would be a service provided to my malware-averse
> clientele.  If they don't want this to happen then they should use
> some other resolver or run their own.
> 
> Now, if I remap google.com in order to *cause* my clients to receive
> malware or spam, then yes, I agree that I am being evil, and I hope
> everyone is using DNSSEC and SSL certificate validation and other such
> mechanisms to detect and avoid this.
> 
imho DNSSEC is the way to go, it obviates the need for RPZ and for DNS
ethics and many other issues.

Andre