Re: [DNSOP] draft-ietf-dnsop-dns-rpz

Vernon Schryver <vjs@rhyolite.com> Fri, 06 October 2017 15:01 UTC

Date: Fri, 06 Oct 2017 15:00:51 +0000
From: Vernon Schryver <vjs@rhyolite.com>
Message-Id: <201710061500.v96F0paX028988@calcite.rhyolite.com>
To: dnsop@ietf.org
In-Reply-To: <a1c456fd-8d80-4e61-56d1-2ee05ea3eeef@nic.cz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/qQrTOovwKbsKGmvHhHA4aicbMo0>
Subject: Re: [DNSOP] draft-ietf-dnsop-dns-rpz

> From: Petr Špaček <petr.spacek@nic.cz>

> draft-ietf-dnsop-dns-rpz expired on 2017-09-10, i.e. did not receive any
> update from 2017-03-09.
>
> Is there a real appetite for work on this document?

The change described in Suzanne Woolf's mail that you quoted is
awaiting a "make it so" order from the chairs.

I'd like to see the document get an official number, but
https://tools.ietf.org/html/draft-ietf-dnsop-dns-rpz-00
looks like stable online storage (pending that applicability text).

> We are considering RPZ implementation for Knot Resolver next year but if
> the document is not going to move forward I would rather close the
> ticket and be done with it. I certainly do commit to implementing an
> ever-changing protocol without a readily available description ...

RPZ is not currently an ever-changing protocol.  Some of the
controversy surrounding the document has been caused by Paul's and
my insistence on restricting the current document to a description
of the almost 8-year-old notion of RPZ instead of fixing, improving,
or extending it.


If you will include hooks for an RPZ implementation in your shipped
code as opposed to modified source in a 'contrib' directory that
users must compile specially, I'd be happy to try to propose such
hooks.  In other words, I could try to make a patch for Knot Resolver
like the patch that I wrote for Unbound (without cost to NLnet Labs).
If you prefer, you could write the code.


Vernon Schryver    vjs@rhyolite.com