Re: [DNSOP] I-D Action: draft-vixie-dns-rpz-04.txt

ac <ac@main.me> Mon, 19 December 2016 07:29 UTC

Date: Mon, 19 Dec 2016 09:28:54 +0200
From: ac <ac@main.me>
To: Ralf Weber <dns@fl1ger.de>
In-Reply-To: <5CAA0C17-B3F6-4518-90EC-9B0C59D75194@fl1ger.de>
References: <20161218224231.GB16301@odin.ulthar.us> <em8c69a376-3e56-437d-8fe4-d70af6aa0e63@bodybag> <20161219050559.6F643129497@ietfa.amsl.com> <5CAA0C17-B3F6-4518-90EC-9B0C59D75194@fl1ger.de>
Message-Id: <20161219072930.8E646129530@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/qqP0LDka81r-97VahESPQVu_dF0>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Subject: Re: [DNSOP] I-D Action: draft-vixie-dns-rpz-04.txt

On Mon, 19 Dec 2016 07:53:42 +0100
"Ralf Weber" <dns@fl1ger.de> wrote:
> Moin!
> 
Aloha

<snip>
> > DNS admins also have a  fiduciary responsibility to their users.
> > Other services also have implied fiduciary responsibility, like
> > email, but DNS is a direct service - Your user is asking you, right
> > now, for a fact, not a best guess. Your user is asking you : What
> > are the operators of my bank saying their IP number is.
> So if this is the IP of a phishing site or the IP of a command and
> control host that tells its bot to execute criminal action you still
> value the accuracy of the answer higher than possible damage this
> could do to your user?
> 
yes. 

In your example, ethically, it is a problem that should be addressed on IP, not on DNS

It is never okay to tell lies.

and then to add deception to the already ethically flawed approach
offends.  

> I don't and I've been using similar techniques either as employee of
> a DNS operator or a DNS software vendor for 10 years now.
> Local policy, which this is, always trumped validation and in the end
> user can validate and find out that this answer doesn't validate
> and then can try to find out why, but honestly most internet users
> have no idea what DNS let alone DNSSEC is or how to deal with it.
> Protecting Internet users with DNS by not letting them go to these
> sites seems like a good idea to me and is also done by e.g. browser
> vendors (have you complained to them ;-).
> Sure this technology can be used for bad things, but that is true
> for a lot of other technologies also. It's the use that makes them
> bad and not the technology itself.
> 

this is exactly the same argument the authors of other software use
and also argues for the use of DNS as a firewall, etc.

and you are of course correct: you are free to develop malware, write viruses and do anything your heart
desires. They are your DNS servers; you may do anything you like and
answer anything you want.

but, to publish protocols and request comments on how to operate a
botnet or do whatever you wish to do that is not ethical, is crossing a line.

To legitimize the telling of lies and to define protocols that hide
the truth from users (deception), for whatever reason, is wrong.

My argument is extremely simple to counter, I am saying one word:

dishonesty

I assume you are saying that it is okay to lie, cheat (and steal?) if
the reason you are doing it is well intended? - Please correct me if I
am wrong?

I am saying that it is never okay to lie, steal, cheat, deceive, etc.

maybe we can talk about that? Ethics? - Do DNS admins have other ethics
than those of normal people? Are DNS admins special? May they decide to
be the Internet Executioners, and is it okay for DNS Admins to lie, cheat or steal?

> So long
or short, depending on your POV :)

Andre