Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)
Keith Moore <moore@network-heretics.com> Sat, 08 November 2008 16:40 UTC
Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 204B03A688E; Sat, 8 Nov 2008 08:40:02 -0800 (PST)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 06E113A688E for <ietf@core3.amsl.com>; Sat, 8 Nov 2008 08:40:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.685
X-Spam-Level:
X-Spam-Status: No, score=-1.685 tagged_above=-999 required=5 tests=[AWL=0.115, BAYES_00=-2.599, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wcwWn0+bcfAk for <ietf@core3.amsl.com>; Sat, 8 Nov 2008 08:40:00 -0800 (PST)
Received: from m1.imap-partners.net (m1.imap-partners.net [64.13.152.131]) by core3.amsl.com (Postfix) with ESMTP id 0573A3A6882 for <ietf@ietf.org>; Sat, 8 Nov 2008 08:40:00 -0800 (PST)
Received: from lust.indecency.org (adsl-155-115-114.tys.bellsouth.net [72.155.115.114]) by m1.imap-partners.net (MOS 3.10.3-GA) with ESMTP id BEC98759 (AUTH admin@network-heretics.com) for ietf@ietf.org; Sat, 8 Nov 2008 08:39:50 -0800 (PST)
Message-ID: <4915C0D4.9050005@network-heretics.com>
Date: Sat, 08 Nov 2008 11:39:48 -0500
From: Keith Moore <moore@network-heretics.com>
User-Agent: Thunderbird 2.0.0.17 (Macintosh/20080914)
MIME-Version: 1.0
To: Ned Freed <ned.freed@mrochek.com>
Subject: Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)
References: <20081107111744.GA31018@nic.fr> <20081107141821.79303.qmail@simone.iecc.com> <45AEC6EF95942140888406588E1A660206A5D881@PACDCEXCMB04.cable.comcast.com> <4914D181.9090605@network-heretics.com> <278E245FD800CC334CA5100F@klensin-asus.icannmeeting.org> <01N1OF2N8AL400MISX@mauve.mrochek.com>
In-Reply-To: <01N1OF2N8AL400MISX@mauve.mrochek.com>
Cc: John C Klensin <john-ietf@jck.com>, Livingood Jason <Jason_Livingood@cable.comcast.com>, ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
Ned Freed wrote: >> Sadly, I have to agree with Keith. While these lists are a >> fact of life today, and I would favor an informational document >> or document that simply describes how they work and the issues >> they raise, standardizing them and formally recommending their >> use is not desirable at least without some major changes in our >> email model and standards for what gets addresses onto --and, >> more important, off of-- those lists. > > Such a criticism might be a sensible response to a document that defines an > actual whitelisting or blacklisting service. But that's not what this document > does. Rather, this document defines vaarious formats for storing such > information in the DNS and procedures for querying that data. Specification of > actual services based on these formats and procedures is left for later > specifications. > > Standardizing these formats and procedures is important for at least two > reasons: (1) Without a specification nailing down these details there can be > (and in practice have been) interoperability problems between various > implementations and (2) Without something describing how to structure and > operate these systems they can, independent of the actual list content, create > serious operational problems. I could almost buy this argument. The reasons I don't buy it in this case are: (1) using the IP source address as an indicator of any kind of identity has been dubious for a long time (even in an enterprise network, but especially in the Internet at large), and it is only going to get more dubious in an era of IPv4/IPv6 transition where IPv4 addresses are shared between different entities. (2) use of DNS to communicate this information is a stretch at best. the protocol is too constrained, and not designed for a use case like this where the information that needs to be conveyed is very short-lived in nature. (3) the security considerations associated with such use, including considerations for denial-of-service attack, are quite difficult to address. so I think there's a compelling case to be made that any kind of DNSBL is a poor design not worthy of standardization. > Now, I am of course aware of the line of reasoning that says we should not > publish specifications for things that can potentially be abused. I'm sorry, > but if we take a candid look at how this strategy has played out with other > technologies ranging from MIME downgrading to NAT to Bonjour, I think the > record is fairly clear: We're much better off specifying things while calling > out the dangers of their use than we are when we all run off out our respective > corners and pout about the sad state of the world. I don't think the examples you cite demonstrate that. Standardizing NATs in the 1990s would not have helped because the widespread assumptions at that time were that you couldn't really change NAT behavior and that the NATs had to operate "transparently" to the applications. Even today we still don't know how to make a NAT that works well, without making the endpoints aware of the NAT, and giving them explicit control over bindings. As for Bonjour, I at least did try to call out dangers of the use of IPv4 linklocal addresses, and with overloading DNS names and APIs, and the WG repeatedly, stubbornly denied that those dangers existed.... and continued to do so until IESG pushed back on at least some of those points. But of course the question is not whether something like this can be abused - anything can be abused. The question is whether something like this encourages abuse, or if not deliberate abuse, whether it encourages degraded reliability of the email system. And I think there's a fair amount of empirical evidence that it does. That doesn't mean that we shouldn't try to design a better system for identifying and reporting sources of spam or viruses. But to me it seems entirely plausible that relying on DNS to transmit this information is part of the reason that DNSBLs are so often associated with abuse and denial-of-service attack. If we were designing such a system from scratch we'd naturally be concerned about things like accountability, repeatability, polling intervals, and identifying the precise criteria used to blacklist an address. We'd probably want to expose more information to the client about why a site was blacklisted, when it was blacklisted, and so forth, so that the client wouldn't be bouncing mail without a good reason. But trying to shoehorn this kind of service into DNS forces most of these considerations to be overlooked simply because there's not a good way to communicate them in DNS. Really what this document is trying to do is to standardize a crude hack - as well as being a blatant attempt at an end-run around our concensus processes. Publishing it as informational, with appropriate caveats about the inherent limitations of the approach (including security considerations) could be beneficial. But I can't see how the protocol described could ever be acceptable for the standards track. And I really think the characterization of "pout[ing] about the sad state of the world" is unhelpful. What we really need to be doing is figuring out how to retrofit or redesign the mail architecture to allow senders to be more accountable (with appropriate granularity), and to shift the cost of vetting mail to the senders. Trying to make tired, crude, poorly designed hacks work doesn't get us any closer to a viable solution to the spam problem. Keith _______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Stephane Bortzmeyer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Stephane Bortzmeyer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John L
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Dave CROCKER
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Sam Hartman
- The purpose of a Last Call Dave CROCKER
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Livingood, Jason
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Doug Otis
- Re: The purpose of a Last Call Pete Resnick
- Re: The purpose of a Last Call Sam Hartman
- Re: The purpose of a Last Call Leslie Daigle
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… ned+ietf
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Dave CROCKER
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Eric Rescorla
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Dave CROCKER
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Steven M. Bellovin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Eric Rescorla
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Paul Hoffman
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Doug Ewell
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- draft-irtf-asrg-bcp-blacklists John Leslie
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Theodore Tso
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: draft-irtf-asrg-bcp-blacklists SM
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Theodore Tso
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: draft-irtf-asrg-bcp-blacklists John Levine
- Re: draft-irtf-asrg-bcp-blacklists Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… David Conrad
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Livingood, Jason
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Livingood, Jason
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Matthias Leisi
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… michael.dillon
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Hansen
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Steven M. Bellovin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Matthias Leisi
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Livingood, Jason
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Dave CROCKER
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Steve Linford
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… der Mouse
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tim Chown
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Theodore Tso
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… michael.dillon
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Steve Linford
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Lisa Dusseault
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Joe St Sauver
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Jamie Tomasello
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… der Mouse
- Re: draft-irtf-asrg-bcp-blacklists Rich Kulawiec
- IPv6 traffic stats (was: Re: Last Call: draft-irt… David Kessens
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: IPv6 traffic stats Harald Alvestrand
- Re: IPv6 traffic stats Turchanyi Geza
- Re: IPv6 traffic stats Harald Alvestrand
- Re: IPv6 traffic stats Marc Manthey
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… SM
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Andrew Sullivan
- Re: IPv6 traffic stats Pekka Savola
- Re: IPv6 traffic stats Harald Alvestrand
- RE: IPv6 traffic stats Hallam-Baker, Phillip
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Andrew Sullivan
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: IPv6 traffic stats Geoff Huston
- Re: IPv6 traffic stats Peter Sherbin
- Re: IPv6 traffic stats Pekka Savola
- Re: IPv6 traffic stats (was: Re: Last Call: draft… Danny McPherson
- Re: IPv6 traffic stats Danny McPherson
- Re: IPv6 traffic stats Iljitsch van Beijnum
- Re: IPv6 traffic stats Iljitsch van Beijnum
- Re: IPv6 traffic stats (was: Re: Last Call: draft… David Kessens
- RE: IPv6 traffic stats TJ
- Re: IPv6 traffic stats (was: Re: Last Call: draft… Danny McPherson
- Re: IPv6 traffic stats (was: Re: Last Call: draft… David Kessens
- Re: IPv6 traffic stats (was: Re: Last Call: draft… Olivier MJ Crepin-Leblond
- Re: IPv6 traffic stats - limitations of 6to4 Pekka Savola
- Re: IPv6 traffic stats Pekka Savola
- Re: IPv6 traffic stats - limitations of 6to4 Rémi Després
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Doug Otis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Mark Andrews
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Mark Andrews
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Mark Andrews
- Re: Last Call: draft-irtf-asrg-blinds (DNS Blackl… Chris Lewis