Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz

Dave Crocker <dhc@dcrocker.net> Mon, 13 March 2017 14:44 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6445B1296CC for <dnsop@ietfa.amsl.com>; Mon, 13 Mar 2017 07:44:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dcrocker.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YVDyPFF3-xkD for <dnsop@ietfa.amsl.com>; Mon, 13 Mar 2017 07:44:36 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CBF81296CA for <dnsop@ietf.org>; Mon, 13 Mar 2017 07:44:36 -0700 (PDT)
Received: from [192.168.1.168] (76-218-8-128.lightspeed.sntcca.sbcglobal.net [76.218.8.128]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id v2DEkW2S008207 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 13 Mar 2017 07:46:32 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dcrocker.net; s=default; t=1489416392; bh=LFVm3XTHpGqqdOmrEaYwTkIT3ygMYDUOEIPxttewNIw=; h=Subject:To:References:Cc:Reply-To:From:Date:In-Reply-To:From; b=jxko21sOZcvCpM6Q0F8ZhLBRpQGDxQcaSFB62lK66i2inrB7wSIkPUixEsO/N5ckv b8tBlPK4mWob6jJCTunewIh1yVl3Jc7EedkQe2DNpkOSi1NhqM6w+GrYGKCN2pNO+w q5x0nCIPqKKY/2grD1D+RvFIWY11SB2puSMetth4=
To: Paul Wouters <paul@nohats.ca>
References: <CADyWQ+ETSd199ok0fgh=PB=--hW7buPgSoCg22aK51Bk4xxBmw@mail.gmail.com> <CADyWQ+GUDg2iA+MQ9xjNLDVvRgnd9PD=pLBNNvp0xK3UZVSqTA@mail.gmail.com> <1AD82FB6-735A-4124-A0A3-2158EC567AD6@nohats.ca> <CAHw9_iK+SWiHZwGgHZRO2T1MLVQZS-2BaeZBzyUuZ0iWHX2ZjA@mail.gmail.com> <fa0b1bd1-f7b8-c3bc-58a3-397c1b118370@bogus.com> <alpine.LRH.2.20.999.1703121922250.11053@bofh.nohats.ca> <19668099-d361-5bd5-7efb-2aab92c190e6@bbiw.net> <alpine.LRH.2.20.999.1703130533180.18195@bofh.nohats.ca>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Message-ID: <677ed378-554b-5129-4f46-c2478696e483@dcrocker.net>
Date: Mon, 13 Mar 2017 07:44:18 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <alpine.LRH.2.20.999.1703130533180.18195@bofh.nohats.ca>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/oZI-94bP8Jev9aErcf2JnVEIz7g>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2017 14:44:37 -0000

On 3/13/2017 4:11 AM, Paul Wouters wrote:
> The draft breaks DNSSEC.
...
> I have proposed a method that would not change the RPZ response for a
> non-DNSSEC client, but would add data for DNSSEC capable clients to be


That sounds like an excellent bit of technical enhancement to 
consider... /after/ documenting /existing/ practice.

d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net