Re: [DNSOP] Review of draft-livingood-dns-redirect-00

Andrew Sullivan <ajs@shinkuro.com> Wed, 15 July 2009 16:30 UTC

On Tue, Jul 14, 2009 at 11:26:42PM +0200, Stephane Bortzmeyer wrote:
 
> DNS lying resolvers are not a solution to an actual problem
> (otherwise, doing it as an opt-in service would be sufficient).

I cannot agree, as much as I would like to.

If there weren't an "actual problem" here to be solved, nobody would
be trying to do it.  Just because I don't think typos in DNS names are
hard to fix does not mean that there isn't a service there some people
like (I have no idea whether they actually like it; I have seen zero
studies of actual user impressions of these things).  Just because I
know how to avoid going to phishing and malware sites does not mean it
is within the competence of the average user.  And just because I
think the cost of running a DNS server that generates no revenue is
"just the cost of doing business" does not mean that the CFO of my
favourite ISP agrees.

Dismissing the things that people are actually doing on the network as
solutions to non-problems is, I say, _exactly_ how we got to the point
where NATs are used even when they're not needed, how we got firewalls
that refuse to allow TCP over port 53, and so on.  We can either
listen to those who are proposing to do things, and try to come up
with ways to limit the harm while pointing out the harm that is
thereby done, or we can stamp our little feet and insist that they run
their networks by our rules.  I have little faith that path 2 will work.

A

-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.