Send
anti-abuse-wg mailing list submissions to
anti-abuse-wg@ripe.net
To
subscribe or unsubscribe via the World Wide Web,
visit
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
or, via email,
send a message with subject or body 'help'
to
anti-abuse-wg-request@ripe.net
You can reach the person managing
the list at
anti-abuse-wg-owner@ripe.net
When replying, please edit
your Subject line so it is more specific
than "Re: Contents of anti-abuse-wg
digest..."
Today's Topics:
1. Re: DNS Abuse,
Abuse of Privacy & Legitimizing Criminal
Activity (Michele Neylon - Blacknight)
2. Re: DNS Abuse, Abuse
of Privacy & Legitimizing Criminal
Activity (ox)
3. Re: DNS Abuse, Abuse of Privacy &
Legitimizing Criminal
Activity (Michele Neylon
- Blacknight)
4. Re: DNS Abuse, Abuse of Privacy &
Legitimizing Criminal
Activity
(ox)
5. Re: DNS Abuse, Abuse of Privacy & Legitimizing
Criminal
Activity (Thomas
Mechtersheimer)
6. Re: DNS Abuse, Abuse of Privacy &
Legitimizing Criminal
Activity
(ox)
----------------------------------------------------------------------
Message:
1
Date: Thu, 5 Jan 2017 16:43:44 +0000
From: Michele Neylon - Blacknight
<michele@blacknight.com>
To: ox <andre@ox.co.za>, Suresh
Ramasubramanian <ops.lists@gmail.com>
Cc: Luis E. Mu?oz
<lem@uniregistry.link>, Mark Foster
<blakjak@gmail.com>,
"anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net>
Subject: Re:
[anti-abuse-wg] DNS Abuse, Abuse of Privacy &
Legitimizing Criminal
Activity
Message-ID:
<5C898951-97F9-4DED-8A3F-D39013F6EDF1@blacknight.com>
Content-Type:
text/plain; charset="utf-8"
Nobody is forcing anyone to use RPZ. There
are thousands of IETF documents covering a multitude of technologies, both real
and imagined (just look at the avian carriers series).
Personally I
used to have issues with the concept of RPZ when it was first raised years ago,
but my views have changed over time, though apparently you only discovered it a
couple of weeks ago.
In any case, like so many other technologies, it is a
tool. People using RPZ do so for a variety of reasons and they should be free to
do so.
Many of us use DNSBLs to protect our users? inboxes from spam,
phishing and other junk. RPZ is a different tech, but in the end is just another
tool in our toolbox.
And please don?t bring Trump (or any other
politician) into this. Apart from anything else this is a RIPE list not an ARIN
one ?
Regards
Michele
--
Mr Michele
Neylon
Blacknight Solutions
Hosting, Colocation &
Domains
http://www.blacknight.host/
http://blacknight.blog/
http://ceo.hosting/
Intl.
+353 (0) 59 9183072
Direct Dial: +353 (0)59
9183090
-------------------------------
Blacknight Internet Solutions Ltd,
Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93
X265,
Ireland Company No.:
370845
------------------------------
Message:
2
Date: Fri, 6 Jan 2017 06:47:03 +0200
From: ox
<andre@ox.co.za>
To: Michele Neylon - Blacknight
<michele@blacknight.com>
Cc: "anti-abuse-wg@ripe.net"
<anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] DNS Abuse, Abuse
of Privacy &
Legitimizing Criminal Activity
Message-ID:
<mailman.3460.1483696627.1952.anti-abuse-wg@ripe.net>
Content-Type:
text/plain; charset=UTF-8
On Thu, 5 Jan 2017 16:43:44 +0000
Michele
Neylon - Blacknight <michele@blacknight.com> wrote:
> Nobody is
forcing anyone to use RPZ. There are thousands of IETF
> documents
covering a multitude of technologies, both real and
> imagined (just look
at the avian carriers series).
>
You are missing important facts in
your truthful statement...
(so I am agreeing with you 100% - But, you need to
add the rest of the truth)
The Bind software is the dominant DNS software
on the planet.
The IETF doc, relating to RPZ - is intended for Bind
ops.
If left unchallenged, RPZ will become a standard (RFC)
Which
will legitimize it.
NONE of the other real and imagined docs you refer
to have anywhere
near the same potential direct impact.
But, as you
are arguing this, I am sure that you will tell me why I am
wrong?
I am
sure that you will also send me a link to a document that defines
protocols
for fraud, theft and crime?
Also, where are the lines then? I mean is
hacker tools, cracking
software, theft and fraud okay and we do not support
child porn?
Or are you saying that child porn is also okay? Not clear on
what you
are saying Michelle? Are you saying that RPZ is okay? That there
are
worse abuse out there and we should not be concerned with dns
abuse?
I do understand that people are free to use cracker and
hacker
tools, free to commit theft, fraud and do whatever their little hearts
desire.
What I am objecting to, is that non ethical software and systems
are
being legitimized.
>
> Personally I used to have issues
with the concept of RPZ when it was
> first raised years ago, but my views
have changed over time, though
> apparently you only discovered it a
couple of weeks ago. In any case,
I honestly thought that "someone" would
stand up and say something as
it is so very wrong that it was unimaginable
that it would gain so much
traction.
> like so many other
technologies, it is a tool. People using RPZ do so
> for a variety of
reasons and they should be free to do so. Many of us
> use DNSBLs to
protect our users? inboxes from spam, phishing and
> other junk. RPZ is a
different tech, but in the end is just another
> tool in our
toolbox.
>
> And please don?t bring Trump (or any other politician)
into this.
> Apart from anything else this is a RIPE list not an ARIN one
?
>
I could have used eu examples, but, this being RIPE...
(usa
examples are less direct)
- The point I made was: The World Has Changed.
(that goes for the
eu/usa/africa/all)
Andre
------------------------------
Message:
3
Date: Fri, 6 Jan 2017 06:30:32 +0000
From: Michele Neylon - Blacknight
<michele@blacknight.com>
To: ox <andre@ox.co.za>
Cc:
"anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net>
Subject: Re:
[anti-abuse-wg] DNS Abuse, Abuse of Privacy &
Legitimizing Criminal
Activity
Message-ID:
<DC542018-9D33-4087-AB71-05FB14AF049C@blacknight.com>
Content-Type:
text/plain; charset="utf-8"
If you want to lodge your opposition with
IETF about a potential protocol / standard / $thing there are mechanisms to do
so.
However you would need to get past your emotive arguments and focus on
clear objective issues.
What are your issues with RPZ?
How are those
issues presented?
What is the concern that you want to voice?
(While
you?re free to share them on this list this isn?t IETF, so it won?t have any
impact on any RFC .. )
Regards
Michele
--
Mr
Michele Neylon
Blacknight Solutions
Hosting, Colocation &
Domains
http://www.blacknight.host/
http://blacknight.blog/
http://ceo.hosting/
Intl.
+353 (0) 59 9183072
Direct Dial: +353 (0)59
9183090
-------------------------------
Blacknight Internet Solutions Ltd,
Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93
X265,
Ireland Company No.:
370845
------------------------------
Message:
4
Date: Fri, 6 Jan 2017 09:12:47 +0200
From: ox
<andre@ox.co.za>
To: Michele Neylon - Blacknight
<michele@blacknight.com>
Cc: "anti-abuse-wg@ripe.net"
<anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] DNS Abuse, Abuse
of Privacy &
Legitimizing Criminal Activity
Message-ID:
<mailman.3461.1483696627.1952.anti-abuse-wg@ripe.net>
Content-Type:
text/plain; charset=UTF-8
On Fri, 6 Jan 2017 06:30:32 +0000
Michele
Neylon - Blacknight <michele@blacknight.com> wrote:
> If you want to
lodge your opposition with IETF about a potential
> protocol / standard /
$thing there are mechanisms to do so. However
> you would need to get past
your emotive arguments and focus on clear
> objective issues. What are
your issues with RPZ? How are those issues
> presented? What is the
concern that you want to voice?
> (While you?re free to share them on this
list this isn?t IETF, so it
> won?t have any impact on any RFC ..
)
>
As you have said that RPZ is just another tool (to fight abuse)
my
positions in this wg is to educate, discuss and agitate for change.
I
cannot do that if I am alone, or if I do not understand why we are
where
we are. During the thread on the DNS OPS list, I learned that we
are where we
are because the majority of DNS OPS do not understand that
domains are
intellectual property and that many of them did not
understand
abuse.
What I have learned up to now, here, is that there is either
general
apathy or a non understanding of the principles.
So, I truly
thank you for your constructive comments as I am stuck at
the emotive side
and I think I suck a bit at proper communication
The clear objective
issue with RPZ is that it is unethical.
Can you maybe help me to
formulate this in a non emotive manner?
What I have is examples of
what RPZ facilitates:
In truth Google.com is at a.a.a.a (or ipv6
eq)
If user1 asks resolver the IP number for Google.com, the resolver
can
send false answer of x.x.x.x
If user2 asks the same resolver
where Google.com is, the resolver can
supply false answer of y.y.y.y because
user2 is doing the asking
If user3 asks the same resolver where Google.com
is, the same resolver
can answer a.a.a.a
In all the above examples where
fake (or any) answers were supplied,
the resolver also hides the truth of the
fake answer, to the
user.
Andre
------------------------------
Message:
5
Date: Thu, 5 Jan 2017 11:43:33 +0100
From: Thomas Mechtersheimer
<thomasm@wupper.com>
To: anti-abuse-wg@ripe.net
Subject: Re:
[anti-abuse-wg] DNS Abuse, Abuse of Privacy &
Legitimizing Criminal
Activity
Message-ID:
<20170105104333.GK11359@mechti.nrw.net>
Content-Type: text/plain;
charset=us-ascii
On Thu, Jan 05, 2017 at 12:04:19PM +0200, ox
wrote:
>[...]
> But, you neglected to add - That is is not socially
acceptable to
> define protocols for defrauding people, to tell lies,
commit deception,
Who defines waht is socially acceptable?
btw:
most phishing pages use HTTP; HTTP is used for fraud and lies
(probably more
than RPZ will ever be...); but no one objects the use of
HTTP as a protocol
-- as the protocol by itself has no moral "value";
it's only the use of a
protocol for fraud which is not acceptable.
>[...]
> Heck, if
you are honest, and from the responses in this thread, it is
> already
"best practise" and quite acceptable to use/apply RPZ - as
> apparently
"many" are doing this and has been doing it for years.
Yes; mangling of
DNS responses has been done for years; RPZ only defines a
standard for this
procedure (which is better than having many
non-standard
ways).
>[...]
> That RPZ is DNS abuse, in
itself, it is an abuse to Internet Society
> and it serves to promote
Crime.
This is your point of view. Could you provide some evidence where
RPZ
promotes crime etc. (more than it helps preventing it)?
Repeating "RPZ
is Evil" again and again doesn't convice me, but as you
said: we're in a
post-truth world...
Thomas
------------------------------
Message:
6
Date: Fri, 6 Jan 2017 11:56:21 +0200
From: ox
<andre@ox.co.za>
To: Thomas Mechtersheimer
<thomasm@wupper.com>
Cc: anti-abuse-wg@ripe.net
Subject: Re:
[anti-abuse-wg] DNS Abuse, Abuse of Privacy &
Legitimizing Criminal
Activity
Message-ID:
<mailman.3462.1483696627.1952.anti-abuse-wg@ripe.net>
Content-Type:
text/plain; charset=US-ASCII
On Thu, 5 Jan 2017 11:43:33 +0100
Thomas
Mechtersheimer <thomasm@wupper.com> wrote:
> On Thu, Jan 05, 2017 at
12:04:19PM +0200, ox wrote:
> >[...]
> > But, you neglected to
add - That is is not socially acceptable to
> > define protocols for
defrauding people, to tell lies, commit
> > deception,
>
>
Who defines waht is socially acceptable?
>
Great point
:)
Society defines its own ethics, morals and values. For example it
would
be perfectly acceptable to eat other people if we were cannibals
:)
In modern societies, from African, to Eastern, To American,
European,
etc. I would argue that there are certain "baselines"
For
example, it is not acceptable to eat people, as it is also not
acceptable to
defraud and tell lies.
Or do you not agree?
> btw: most
phishing pages use HTTP; HTTP is used for fraud and lies
> (probably more
than RPZ will ever be...); but no one objects the use
> of HTTP as a
protocol -- as the protocol by itself has no moral
> "value"; it's only
the use of a protocol for fraud which is not
> acceptable.
>
Yes, and the but... Nowhere is there a protocol or defined method in
RFC
about http's that promotes deception and lies...
So, it is not about the
technology existing - as was recently pointed
out, technology in itself
cannot be unethical... It is about the
publication of a process that is
unethical and if leaved unopposed will,
in all probability, lead to a
"standard"
> >[...]
> > Heck, if you are honest, and from
the responses in this thread, it
> > is already "best practise" and
quite acceptable to use/apply RPZ -
> > as apparently "many" are doing
this and has been doing it for years.
>
> Yes; mangling of DNS
responses has been done for years; RPZ only
> defines a standard for this
procedure (which is better than having
> many non-standard ways).
>
same as above
> >[...]
> > That RPZ is DNS abuse, in
itself, it is an abuse to Internet Society
> > and it serves to promote
Crime.
>
> This is your point of view. Could you provide some
evidence where RPZ
> promotes crime etc. (more than it helps preventing
it)?
> Repeating "RPZ is Evil" again and again doesn't convice me, but as
you
> said: we're in a post-truth world...
>
I did post an exact
example, but here it is again:
The clear objective issue with RPZ is that
it is unethical.
Can you maybe help me to formulate this in a non emotive
manner?
What I have is examples of what RPZ facilitates:
In
truth Google.com is at a.a.a.a (or ipv6 eq)
If user1 asks resolver the IP
number for Google.com, the resolver can
send false answer of x.x.x.x
If user2 asks the same resolver where Google.com is, the resolver
can
supply false answer of y.y.y.y because user2 is doing the asking
If
user3 asks the same resolver where Google.com is, the same resolver
can
answer a.a.a.a
In all the above examples where fake (or any) answers were
supplied,
the resolver also hides the truth of the fake answer, to the
user.
Andre
End of anti-abuse-wg Digest, Vol 62, Issue
9
********************************************