Re: [DNSOP] Review of draft-livingood-dns-redirect-00

Stephane Bortzmeyer <bortzmeyer@nic.fr> Fri, 10 July 2009 13:07 UTC

Date: Fri, 10 Jul 2009 15:05:27 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: "Livingood, Jason" <Jason_Livingood@cable.comcast.com>
Message-ID: <20090710130527.GA17272@laperouse.bortzmeyer.org>
References: <C67B83C4.E855%Jason_Livingood@cable.comcast.com>
In-Reply-To: <C67B83C4.E855%Jason_Livingood@cable.comcast.com>
Cc: dnsop@ietf.org

On Thu, Jul 09, 2009 at 11:23:48AM -0400,
 Livingood, Jason <Jason_Livingood@cable.comcast.com> wrote 
 a message of 69 lines which said:

> If anyone is interested and has time before IETF 75, I'm happy to take
> feedback before then obviously.

Disclaimer: I find the whole idea a very bad one, a violation of
network neutrality and certainly a service I would never accept from
my ISP.

1) There is a lot of vocabulary which is more propaganda than
technical description such as pretending in section 2 that it is an
"enhanced" DNS service, which is very questionable. 

2) "ISPs and DNS ASPs must provide their users with a method to opt
into (opt-in) or out (opt-out) of some or all DNS Redirect services."
You need to add "without delay or payment".

3) "Only A and AAAA resource records should be redirected, all other
resource record types must be answered as if there was no
redirection." Does it mean that a request for MX or SRV, with the same
owner name, will return NXDOMAIN? If so, it seems to me a strong
violation of the DNS protocol.

4) About DNSSEC, "This case doesn't have widespread deployment now and
could be mitigated by using trust anchor, configured by the applicable
ISP or DNS ASP, that could be used to sign the redirected answers."
That's the most newspeak sentence of the I-D. I suggest calling this
feature Authenticated Lie.
 
5) I find no reference to the two most relevant RFCs here, RFC 4084 and
RFC 4924 (section 2.5.2). For instance, ISPs in France which have these
"services" never advertise the fact to prospective customers, thus
violating RFC 4084.
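To make point 3 concrete, here is an added example (not from the draft or the message above) that models the quoted rule, redirecting only A/AAAA and answering all other types as if there were no redirection, next to an honest resolver, and a consistency check a resolver operator or client could run to spot the resulting protocol violation. The zone data, the redirect target 192.0.2.200 and the names are constructed.

```python
# Added example: model of the draft's "A/AAAA only" redirect rule and a
# check for the NXDOMAIN inconsistency it produces. Zone data is constructed.
from typing import Dict, List, Tuple

NOERROR, NXDOMAIN = 0, 3
Answer = Tuple[int, List[str]]

# Constructed authoritative data: owner name -> {qtype: [rdata]}.
ZONE: Dict[str, Dict[str, List[str]]] = {
    "www.example.net.": {"A": ["192.0.2.10"], "MX": ["10 mail.example.net."]},
    "mail.example.net.": {"A": ["192.0.2.25"]},
}
REDIRECT_TARGET = "192.0.2.200"  # constructed address of the ISP "portal"


def upstream(name: str, qtype: str) -> Answer:
    """Honest resolver: NXDOMAIN when the owner name has no records at all,
    NOERROR with an empty answer when the name exists but not this type."""
    rrs = ZONE.get(name)
    if rrs is None:
        return NXDOMAIN, []
    return NOERROR, rrs.get(qtype, [])


def redirecting(name: str, qtype: str) -> Answer:
    """Rule quoted in point 3: rewrite NXDOMAIN into a synthetic answer for
    A and AAAA only; every other type is answered as if unredirected."""
    rcode, rdata = upstream(name, qtype)
    if rcode == NXDOMAIN and qtype in ("A", "AAAA"):
        return NOERROR, [REDIRECT_TARGET]
    return rcode, rdata


def inconsistent_types(resolve, name: str,
                       qtypes=("A", "AAAA", "MX", "SRV", "TXT")) -> List[str]:
    """Return the qtypes for which the resolver claims NXDOMAIN on a name
    for which another qtype returned data. NXDOMAIN asserts that the owner
    name has no RRs of any type (RFC 2308), so any such mix is a protocol
    violation, and a usable signature of a redirecting resolver."""
    results = {qt: resolve(name, qt) for qt in qtypes}
    has_data = any(rc == NOERROR and rd for rc, rd in results.values())
    return sorted(qt for qt, (rc, _) in results.items()
                  if rc == NXDOMAIN and has_data)


if __name__ == "__main__":
    for resolver in (upstream, redirecting):
        print(resolver.__name__,
              inconsistent_types(resolver, "nxdomain.example.net."))
```

Running it prints an empty list for the honest resolver and `['MX', 'SRV', 'TXT']` for the redirecting one: the same owner name both "exists" (it has an A record) and "does not exist" (NXDOMAIN for MX), which is the contradiction the question in point 3 points at.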