"lets standardize this 'cause everyone does it" sounds like the medical community should have standardized on whiskey & leaches & coat hangers because thats what everyone did. if this work does proceed, i'd like to insist that it carry a disclaimer that it is designed specifically for closed networks and is not to be used in the Internet. Indeed, thedraft is very clear this is for enclaves and not for open Internet use.
/Wm On Thu, Dec 29, 2016 at 10:15 AM, Vernon Schryver <v...@rhyolite.com> wrote: > > From: Richard Clayton <rich...@highwayman.com> > > > Everyone involved understands that there isn't at present a turnkey > > application that the other 5% (and indeed all the in-house corporate > > systems) could deploy.... > > I do not understand that. > If the command `nslookup -q=txt -class=CHAOS version.bind` to a UNIX > shell or Windows command prompt on your desktop says anything about > BIND, then chances are good that you are already using one of the > turnkey applications that in-house corporate systems and others have > already deployed and could configure. Even if there is no sign of > BIND9 from that `nslookup` command, the odds are good that the recursive > server you use has an RPZ taint or will have within months. > > > > So although deploying RPZ does a reasonable job of papering over the > > cracks in our response to cybercrime I think that on balance it's too > > dangerous a tool for the IETF to wish to bless in any way -- it's poor > > social hygiene to standardise these types of tools. > > While I understand how a reasonable person can hold that position, > I think the papered cracks are not only less bad, but the best that > can be hoped for in the real world. > > > > I also note from reading the draft that this blessing will freeze in > > some rather ugly design (with the authors arguing that the installed > > base cannot adjust to something cleaner). > > That is not the intended meaning of the draft. Instead it tried to > acknowledge the extreme difficulty of changing an installed base. > Words that convey that intended meaning would be appreciated. > > > Vernon Schryver v...@rhyolite.com > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
