On Wed, 4 Jan 2017 09:31:37 +0000
Rob Evans <r...@nosc.ja.net> wrote:
> >> The presumed draft you're unhappy about
> >> (https://datatracker.ietf.org/doc/draft-vixie-dns-rpz/) is
> >> informational. It is not a standard.
> > not yet a standard. operational word, I guess, is yet. so there is
> > still time to create awareness and to speak out.
> More than that, it hasn't yet been adopted by the dnsop working group
> in the IETF, where a similar discussion is happening, and I don't
> believe the authors have stated an aim for an individual submission
> RFC.
> Raising awareness of RPZ is good, however it's an operational tool
> that many service providers and enterprises might want in their
> arsenal (even if as an opt-in).
> 
This is also maybe a good discussion to have in an abuse wg on a
different thread: Why "DNS Firewalls" and RPZ is the wrong abuse tool to
use or why it is a "good tool" for providers and enterprises to use.
Whether "walled off Internet gardens" is a good thing for abuse and how
that balances out with freedom, openness and the other pesky problems.

About this thread though, it is very important that any inkling of this
becoming an RFC needs to generate much more interest and involvement
than DNS ops.

Judging from where RPZ is at now: Adding DECEPTION to LIES,  and
producing different lies depending on which user is asking the questions, 
is patently and clearly not good.

Arguments that we need to become killers because there are killers is
simply not in the best interests of a free and open society.

DNS ops quite obviously cannot be objective, AND they cannot be left
alone with this issue.  It is clear where this laissez-faire re RPZ has
led and produced over the past 7? years!

And abuse admins will be directly impacted by the adoption of this as a
standard.

> The best place to discuss furthering (or otherwise) RPZ is likely to
> be on the IETF's dnsop list.
>
Not really. (and I have already done that anyway) 

It is the DNS Ops who are in need of protection against themselves.
As I said above, the drift over the past years has been to use non
ethical, dishonest methods (and now also to even use deception and hide
their lies) - Not acceptable and the abuse admins and others need to
become involved as the situation is not fixing itself.

It is the entire methodology and flawed foundation of the entire RPZ
protocol that is in question.

If you build a house foundation in clay, your walls will crack.

If the majority here agrees that RPZ is evil, then we may start
discussing why DNS is better used as a reactive abuse tool and poorly
suited to "firewall" use and that it is completely wrong to promote a
method that involves promoting dishonesty.

If the majority does not agree that RPZ is evil, as you seem not to
yourself? then we still need to discuss the WHY you think it is not
evil and why you think it is a good idea to tell different lies to
different users and to hide the truth from your own users, etc etc

Andre 