Re: [v6ops] Review of: draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03 *(formal for apps area)*
On Tue, May 31, 2011 at 6:17 AM, Livingood, Jason jason_living...@cable.comcast.com wrote:

> While you have not contributed text per se (by sending it directly), I try to be a good listener and items you and other Googlers have raised have been included in the document around motivations and so on. Even new Sections 3.2 and 3.2 were added based on listening to you and/or your colleagues talk about the issue (and some direct conversations a couple of weeks ago).

Sure - anything said at the IETF and on mailing lists is subject to the note well. But I wouldn't want to be seen as having contributed to the document.

Regards,
Lorenzo

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
Re: [v6ops] Review of: draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03 *(formal for apps area)*
On May 30, 2011, at 11:09 PM, Lorenzo Colitti wrote:

> On Mon, May 30, 2011 at 8:48 AM, Gert Doering g...@space.net wrote:
>
>> I have no idea what a v6 DNS ACL should be, except maybe an ACL that protects which IPv6 clients are allowed to talk to a DNS server.
>
> ACL is the wrong term. Saying it's an ACL makes it easy to make the argument that whoever is implementing this is denying access to a particular resource (the AAAA record). In fact, the opposite is true - by electing not to return an AAAA record, the implementer is able to allow access to a particular resource (the content that the user wants to reach) instead of publishing the resource over IPv6 where some users can't usefully reach it.
>
> Which is of course, the root of the problem here. It is the reason why many large website operators have either implemented whitelisting (Google, Facebook) or have announced that they will be implementing whitelisting (Yahoo, Akamai). And it is the reason why said website operators are not contributing to this document.

But you've contributed to this document, so have others from that list.

___
v6ops mailing list
v6...@ietf.org
https://www.ietf.org/mailman/listinfo/v6ops
Re: [v6ops] Review of: draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03 *(formal for apps area)*
On May 30, 2011, at 11:48 PM, Lorenzo Colitti wrote:

> On Mon, May 30, 2011 at 11:20 PM, Joel Jaeggli joe...@bogus.com wrote:
>
>> But you've contributed to this document, so have others from that list.
>
> I don't want to contribute to the document because - in my opinion, and speaking only for myself - I don't think it can be made into a balanced assessment of the issue without major changes.

I do things that the ietf says are a bad idea all the time, I take the concerns expressed in informational documents that I've read under-advisement when I do so.

> Since a) I don't have even a fraction of the time I would need to actually contribute said changes, b) the document is already in an advanced state of the IETF process, and c) it doesn't matter so much what the document ends up saying, because most of the organizations for whom this is an issue have already looked at the data and recognized that they have no alternative, I was simply steering clear of the document entirely.
>
> It's true that I have pointed out things I think are incorrect. But I did not view these as contributions, more as offering occasional token opposition lest silence be interpreted as assent. :-)
>
> But perhaps you're right and I should not comment on it at all.
>
> Cheers,
> Lorenzo
Re: [v6ops] Review of: draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03 *(formal for apps area)*
On 5/31/11 2:48 AM, Lorenzo Colitti lore...@google.com wrote:

> On Mon, May 30, 2011 at 11:20 PM, Joel Jaeggli joe...@bogus.com wrote:
>
>> But you've contributed to this document, so have others from that list.
>
> I don't want to contribute to the document

While you have not contributed text per se (by sending it directly), I try to be a good listener and items you and other Googlers have raised have been included in the document around motivations and so on. Even new Sections 3.2 and 3.2 were added based on listening to you and/or your colleagues talk about the issue (and some direct conversations a couple of weeks ago).

In any case, I appreciate your feedback and opinions. At the end of the day it is only an informational I-D, and not a standard or BCP, so maybe not such a big deal.

Regards
Jason
Re: [v6ops] Review of: draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03 *(formal for apps area)*
Hi,

On Mon, May 30, 2011 at 08:34:21AM -0700, Dave CROCKER wrote:

> ACL or V6 DNS ACL or V6 resolver ACL now seem to me quite good labels. They provide useful, direct and precise meaning, while avoiding the various referential and denotational problems of a loaded term like whitelist.

I have no idea what a v6 DNS ACL should be, except maybe an ACL that protects which IPv6 clients are allowed to talk to a DNS server.

Whitelisting, on the other hand, is the term that Google introduced for this kind of thing and people seem to clearly understand what this is about. You are on my white list of people that I like talking to!.

Gert Doering
-- Operator
--
did you enable IPv6 on something today...?

SpaceNet AG
Management Board: Sebastian v. Bomhard
Supervisory Board Chair: A. Grundner-Culemann
Joseph-Dollinger-Bogen 14, D-80807 Muenchen
HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444
VAT ID: DE813185279
Re: [v6ops] Review of: draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03 *(formal for apps area)*
On Mon, May 30, 2011 at 8:48 AM, Gert Doering g...@space.net wrote:

> I have no idea what a v6 DNS ACL should be, except maybe an ACL that protects which IPv6 clients are allowed to talk to a DNS server.

ACL is the wrong term. Saying it's an ACL makes it easy to make the argument that whoever is implementing this is denying access to a particular resource (the AAAA record). In fact, the opposite is true - by electing not to return an AAAA record, the implementer is able to allow access to a particular resource (the content that the user wants to reach) instead of publishing the resource over IPv6 where some users can't usefully reach it.

Which is of course, the root of the problem here. It is the reason why many large website operators have either implemented whitelisting (Google, Facebook) or have announced that they will be implementing whitelisting (Yahoo, Akamai). And it is the reason why said website operators are not contributing to this document.
Re: [v6ops] Review of: draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03 *(formal for apps area)*
On Mon, May 30, 2011 at 11:20 PM, Joel Jaeggli joe...@bogus.com wrote:

> But you've contributed to this document, so have others from that list.

I don't want to contribute to the document because - in my opinion, and speaking only for myself - I don't think it can be made into a balanced assessment of the issue without major changes.

Since a) I don't have even a fraction of the time I would need to actually contribute said changes, b) the document is already in an advanced state of the IETF process, and c) it doesn't matter so much what the document ends up saying, because most of the organizations for whom this is an issue have already looked at the data and recognized that they have no alternative, I was simply steering clear of the document entirely.

It's true that I have pointed out things I think are incorrect. But I did not view these as contributions, more as offering occasional token opposition lest silence be interpreted as assent. :-)

But perhaps you're right and I should not comment on it at all.

Cheers,
Lorenzo
Re: [v6ops] Review of: draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03 *(formal for apps area)*
Gert Doering g...@space.net wrote:

> Whitelisting, on the other hand, is the term that Google introduced for this kind of thing and people seem to clearly understand what this is about. You are on my white list of people that I like talking to!.

I think it's OK to refer to it as whitelisting. I think it is confusing to refer to it as DNS whitelisting. Resolver whitelist is better (it's a whitelist of resolvers) or perhaps IPv6 whitelisting (what members of the list are cleared to use) if you need a short phrase.

Speaking of confusing, the first sentence of the abstract and introduction in the current revision of the draft is an abomination that should be taken out and shot.

Tony.
--
f.anthony.n.finch d...@dotat.at http://dotat.at/
Rockall, Malin, Hebrides: South 5 to 7, occasionally gale 8 at first in Rockall and Malin, veering west or northwest 4 or 5, then backing southwest 5 or 6 later. Rough or very rough. Occasional rain. Moderate or good, occasionally poor.
Re: [v6ops] Review of: draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03 *(formal for apps area)*
On 5/31/11 12:00 PM, Tony Finch d...@dotat.at wrote:

> Speaking of confusing, the first sentence of the abstract and introduction in the current revision of the draft is an abomination that should be taken out and shot.

[JL] Great feedback – I just did it. Here's the updated Abstract (carried into the Intro as well). If you think it is still convoluted, just say so and I'll take another turn at it.

New text:

This document describes the practice and implications of whitelisting DNS recursive resolvers in order to limit AAAA resource record responses (which contain IPv6 addresses) sent by authoritative DNS servers. This is an IPv6 transition mechanism used by domains as a method for incrementally transitioning inbound traffic to a domain from IPv4 to IPv6 transport. The audience for this document is the Internet community generally, particularly IPv6 implementers.

Thanks!
Jason
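
The resolver whitelisting practice described in the abstract above, sketched as an added example that is not part of the thread or the draft: the authoritative server keys its decision on the recursive resolver's source address, withholds only AAAA answers, and leaves A answers and name existence untouched. The zone data, whitelist prefixes, function names and the choice of a NOERROR response with no records for a withheld AAAA are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample data using documentation prefixes; not from the draft.
ZONE = {
    ("www.example.com", "A"): ["192.0.2.10"],
    ("www.example.com", "AAAA"): ["2001:db8::10"],
}
# Hypothetical whitelist of recursive resolvers cleared to receive AAAA answers.
RESOLVER_WHITELIST = [ipaddress.ip_network(p)
                      for p in ("198.51.100.0/24", "2001:db8:53::/48")]


def resolver_whitelisted(resolver_ip):
    """True if the querying resolver's source address is on the whitelist."""
    addr = ipaddress.ip_address(resolver_ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # compare ::ffff:a.b.c.d as plain IPv4
    return any(addr.version == net.version and addr in net
               for net in RESOLVER_WHITELIST)


def answer(qname, qtype, resolver_ip):
    """Return (rcode, records) as the authoritative server would."""
    if not any(name == qname for name, _ in ZONE):
        return ("NXDOMAIN", [])
    if qtype == "AAAA" and not resolver_whitelisted(resolver_ip):
        # Assumption: a withheld AAAA is signalled as NOERROR with no records.
        return ("NOERROR", [])
    return ("NOERROR", list(ZONE.get((qname, qtype), [])))


def withheld_by_resolver(queries):
    """Count AAAA answers withheld per resolver, for whitelist review."""
    counts = Counter()
    for resolver_ip, qname, qtype in queries:
        if (qtype == "AAAA" and (qname, "AAAA") in ZONE
                and not resolver_whitelisted(resolver_ip)):
            counts[resolver_ip] += 1
    return counts


# Constructed query log: (resolver source address, qname, qtype).
SAMPLE_QUERIES = [
    ("198.51.100.7", "www.example.com", "AAAA"),
    ("203.0.113.9", "www.example.com", "AAAA"),
    ("203.0.113.9", "www.example.com", "A"),
    ("203.0.113.9", "www.example.com", "AAAA"),
    ("2001:db8:53::1", "www.example.com", "AAAA"),
]
```

The per-resolver count is what an operator would review when deciding which resolvers to add to the list; every end user behind a non-whitelisted resolver gets the IPv4-only view regardless of their own connectivity.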