IETF Logo Mail Archive

Re: IP-based reputation services vs. DNSBL (long)

Eliot Lear <lear@cisco.com> Tue, 11 November 2008 15:01 UTC

Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ED3F928C15E; Tue, 11 Nov 2008 07:01:43 -0800 (PST)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E3B9E28C14E for <ietf@core3.amsl.com>; Tue, 11 Nov 2008 07:01:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id riZ8VdPaJTGD for <ietf@core3.amsl.com>; Tue, 11 Nov 2008 07:01:42 -0800 (PST)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by core3.amsl.com (Postfix) with ESMTP id 7AE2728C0FD for <ietf@ietf.org>; Tue, 11 Nov 2008 07:01:41 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.33,584,1220227200"; d="scan'208";a="25288547"
Received: from ams-dkim-1.cisco.com ([144.254.224.138]) by ams-iport-1.cisco.com with ESMTP; 11 Nov 2008 15:00:37 +0000
Received: from ams-core-1.cisco.com (ams-core-1.cisco.com [144.254.224.150]) by ams-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id mABF0Ypw021442; Tue, 11 Nov 2008 16:00:34 +0100
Received: from adsl-247-4-fixip.tiscali.ch (dhcp-10-61-106-206.cisco.com [10.61.106.206]) by ams-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id mABF0X2k023368; Tue, 11 Nov 2008 15:00:33 GMT
Message-ID: <49199E11.1000508@cisco.com>
Date: Tue, 11 Nov 2008 16:00:33 +0100
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b2pre) Gecko/20081108 Shredder/3.0b1pre
MIME-Version: 1.0
To: Keith Moore <moore@network-heretics.com>
Subject: Re: IP-based reputation services vs. DNSBL (long)
References: <20081110213739.98316.qmail@simone.iecc.com> <49193FA7.7070101@cisco.com> <491969C8.60106@network-heretics.com>
In-Reply-To: <491969C8.60106@network-heretics.com>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=4485; t=1226415634; x=1227279634; c=relaxed/simple; s=amsdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=lear@cisco.com; z=From:=20Eliot=20Lear=20<lear@cisco.com> |Subject:=20Re=3A=20IP-based=20reputation=20services=20vs.= 20DNSBL=20=20(long) |Sender:=20; bh=+o5LZ8qu9yg/slwyRuJRCJhsPYpQp8XzP1FTj5HlPSM=; b=JbDP//BrzAyhMgnX2xRdFJN1DdLvQlhsHGNATYeXqxeHRW+AMjW0qcb9XA 6SGLhCk/mJDyx+9OxFT0n8mLPoadQP3mNZg/Rn+UlkfrA6N39PyhQYocZUzC DbJKB3yyxd;
Authentication-Results: ams-dkim-1; header.From=lear@cisco.com; dkim=pass ( sig from cisco.com/amsdkim1002 verified; );
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

Keith,
> 1. Would declining to publish as a standard harm or hurt the
>> community?  Would refusing to publish as a standard stop implementations
>> or merely create potential interoperability issues that could lead to
>> more legitimate messages being dropped?
>>      
>
> How are either of these questions relevant to the criteria in RFC 2026?
>    

Since the request to advance in this case is for PS, there is a 
relatively low threshold to move the thing forward, as documented in 
Section 4 of RFC 2026.  Section 6 of RFC 2026 requires the IESG to use 
its collective judgment in reviewing requests for advancement.  I am 
attempting with both questions to provide guidance to the IESG as to how 
to how they might judge.

> The working group could analyze the requirements of a reputation service
> based on IP address, determine whether and how any newly discovered
> requirements could be met using DNS, and fill in any details that are
> missing from the informational specification that are needed for
> reliable and robust interoperation _of the mail transport system_ when
> using DNSxBLs.
>    

That's all rather nebulous, Keith.  You then go on to cite examples 
which in fact are addressed very specifically in the draft, and so I 
suspect they are merely pretenses for what is really irking you, which 
you have stated repeatedly, first in your initial message on this thread:

> Under no circumstances should any kind of Blacklists or Whitelists be
> accepted by IETF as standards-track documents.  These lists are
> responsible for huge numbers of illegitimate delivery failures.  We
> should no more be standardizing such lists than to be standardizing spam.
>    

and then in response to my note:

> My belief is that among the goals of standardizing this practice would
> be:  To improve transparency and accountability of DNSBLs to end users
> over what it is now, to improve security and reduce the potential for
> use of DNSBLs for attack (including both DoS attack and thwarting of
> spam blocking), to improve consistency in reporting between different
> DNSBLs.
>    

And what makes you think a technical standard would do that when it 
never has in the past?  Once again, I think you are overstating the role 
of this organization.  The choices a DNSBL makes to list someone are 
entirely its own.  The choice to use a given DNSBL is entirely that of 
the MTA administrator.  You cannot specify a standard to force a DNSBL 
to disgorge its logic.  When we have tried this in the past we ended up 
with superfluous information undermining confidence in any useful 
information that may be out there.  One need look no further than the 
value of old WKS records.

>
> I hope the IESG will respect our established process, and recognize that
> (a) there are indeed technical omissions in this document, and (b) the
> document as currently written does not have rough consensus of the IETF
> technical community, as shown already by the expressed concerns of
> several contributors to this list.
>    

(a)  You complained about a lack of discussion on TTLs, which is in fact 
in the draft.  You complained about a lack of security considerations, 
which is in fact in the draft, and you complained about TXT records not 
being required, when in fact the draft makes use of a SHOULD.  It is not 
clear to me that a MUST meets the criteria listed in RFC 2119.

(b)  I count three or four very vocal opponents versus an enormous 
installed base.  But even were it more, I would hope the IESG wouldn't 
only use rough consensus to move forward, but also their judgment, for 
which we pay them so much ;-)  And that leads to my questions, which can 
be summed up as follows:

    * Are we better off with or without a proposed standard in this space?
    * Is this document the right document to base that standard on?
    * Is there sufficient benefit to be had by creating a working group?


For the record, my answer to these questions are Yes, Yes, and No.  I 
believe the onus is on those who would want a working group to come up 
with at least a plausible outcome that could improve the document.  Thus 
far I've heard no such thing, and there are risks for delaying 
publication, one of which would be calling into question the IETF's 
relevance.

Eliot

ps: for the astute, we are nearly back to a NAT argument.  The IETF 
version of Godwin's Law may apply.

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email