Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz

"John Levine" <johnl@taugh.com> Thu, 29 December 2016 05:46 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC67F129541 for <dnsop@ietfa.amsl.com>; Wed, 28 Dec 2016 21:46:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QZ_GRQ2tR5Pu for <dnsop@ietfa.amsl.com>; Wed, 28 Dec 2016 21:46:22 -0800 (PST)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9933212953A for <dnsop@ietf.org>; Wed, 28 Dec 2016 21:46:22 -0800 (PST)
Received: (qmail 70149 invoked from network); 29 Dec 2016 05:46:27 -0000
Received: from unknown (64.57.183.18) by mail1.iecc.com with QMQP; 29 Dec 2016 05:46:27 -0000
Date: Thu, 29 Dec 2016 05:45:59 -0000
Message-ID: <20161229054559.31443.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
In-Reply-To: <20161229040637.GA26031@odin.ulthar.us>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/wg3KyIq8KX6qI_Kk6pnHAHGKiSI>
Cc: i.grok@comcast.net
Subject: Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Dec 2016 05:46:24 -0000

>I'm seeing how it really helps governments cheaply create and enforce
>the creation of national internets -- especially with the walled garden
>features.  Are those the good guys to you, or are there other benefits?

Please see the previous gazillion messages from people who are using
RPZ in production to keep malware away from their users.

Also see the previous gazillion messages noting that governments do
all sorts of DNS censorship now and don't need RPZ.

Could you explain in more detail why you don't believe operators will
continue to use RPZ to protect their users, and why you think hostile
actors will do things with RPZ that they couldn't do now?

R's,
John