Richard,

We are in agreement about despots, thank you for adding semantics and details.

In order to communicate the problem, I found that it is required to argue it in terms of "post-truth"; otherwise, your POV will be rejected outright or, at best, result in very long explanations (and being called a troll, etc.).

Many people are simply stuck in what they think the truth is, and showing them "another truth" is not that easy. More so if they are strongly opinionated DNS ops who believe that they are "doing the right thing".

Anyway, my main objection still is that we cannot legitimize Distributed Denial of Service software. We cannot legitimize Brute Force cracking Software - So we also cannot legitimize RPZ

RPZ is unethical.

************
Arguing that RPZ is used for good is EXACTLY the same as using a DDOS tool to "take out" a network or server.

a botnet or drt-botnet can be used for "good" in exactly the same fashion RPZ is used for "good"
************

RPZ is simply unethical and very wrong. There is no due process, there is simple vigilante behavior. And there are lies to users and then deception, on top of different lies.

Reference to President Elect Donald Trump and North Korea IS 100% related to this WG, here is why:

RPZ is a tool that works in exactly the same way as nuclear weapons do:

If 8.8.8.8 tells you example.com is at c.c.c.c and someone else that example.com is at q.q.q.q - and simply starts making up its own answers it will be far too late for you to even try to explain to anyone that there is a problem as the people that understand the problem and will listen to you ARE GETTING FEWER each passing day.

Of course: 8.8.8.8 will be telling you these lies - TO PROTECT YOU, so it is perfectly fine...?????

Then there is the simple TECHNICAL view:
----------------------------------------------------------
DNS firewalls are stupid. This is NOT the real reason we have RPZ...

The real reasons we have RPZ have NOTHING to do with abuse protection, as it is a stupid tool.

The people that are actively using RPZ to "protect" their users are finding that it is a piss poor method and that their users are as compromised as any other non RPZ user pool.

"protecting users" is simply a smoke screen as the real reasons for RPZ are quite EVIL.

And, it is EVIL for almost everyone (99%), from ethical ISPs, to low life cyber crime scumbags.

Andre

On Fri, 6 Jan 2017 12:18:30 +0000 Richard Clayton <richard@highwayman.com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
In message , ox <andre@ox.co.za> writes
The Bind software is the dominant DNS software on the planet.
The IETF doc, relating to RPZ - is intended for Bind ops.
Not really -- it's an attempt to document what Bind does in a way that will make it easier for other platforms to do the same thing (it turns out that there's a lot of interaction with the innards of Bind and setting out the semantics in a way that is platform independent is not as simple as you might initially think).
If left unchallenged, RPZ will become a standard (RFC)
Not in the short term and not in the medium term either... there is a difference between a standard and an RFC -- as Jon Postel set out two decades ago
https://tools.ietf.org/html/rfc1796
Which will legitimize it.
As it happens, I agree with that view (since I think that many people completely erroneously conflate RFCs with standards).
What I am objecting to, is that non ethical software and systems are being legitimized.
As it happens, I agree that there are serious ethical issues with RPZ. And I said so in an academic paper about ethics (as applied to research into online criminality) several years back
http://www.cl.cam.ac.uk/~rnc1/ntdethics.pdf
I've recently re-expressed my opinion on the relevant IETF list, that the document should not be adopted by the Working Group.
Essentially I believe documenting RPZ in a platform independent way will lead to some Governments taking the view that they can censor the web by compelling the consumption of an Officially Endorsed RPZ feed -- at present, the fact that many platforms do not implement RPZ at all (or in what is probably an inconsistent manner) gives them some pause. I think we remove that (admittedly small for some regimes around the world) roadbump at our peril.
- -- richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
-----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1
iQA/AwUBWG+LFju8z1Kouez7EQKaMwCeOntURBJAr/IKbWtos9rb5yQzsOMAnRNO QmGUXnqCk56ANjr9wLoXHvxn =A6Jd -----END PGP SIGNATURE-----