Re: [anti-abuse-wg] DNS Abuse, Abuse of Privacy & Legitimizing Criminal Activity
Andre, On Jan 3, 2017, at 9:57 PM, ox <andre@ox.co.za> wrote:
When respected Internet Engineers and organizations develop standards for Internet software that completely ignores ethics, morality, honesty and is pale and anemic in the truth department?
You've developed quite the messianic complex here.
I strongly object to RPZ being peddled as a "standard" by the Internet Community.
The presumed draft you're unhappy about (https://datatracker.ietf.org/doc/draft-vixie-dns-rpz/) is informational. It is not a standard.
RPZ will destroy the Internet - people are lazy (i am lazy also)
Actually, it is the people who do stuff that makes RPZ a solution that are destroying the Internet. RPZ is a hack that some folks find useful in addressing particular forms of abuse, nothing more.
Quite obviously we, as an Internet Community, already no longer cares much about the truth of something, which is also why we live in a post-truth planet.
Yow. RPZ is a tool. You don't like that tool? Don't use it. You care about the "truth"? Do your own DNSSEC validation. Personally, I'd prefer a world where there are fewer tools that are well described, even if some times those tools may be used in ways that I don't agree with, than in a world of a myriad of tools, poorly described, all trying to solve the same problem (using a solution I may not agree with), doing it in ways that are incompatible. Or do you think that by refusing to document something that it magically goes away? Regards, -drc (speaking only for myself)
On Tue, 3 Jan 2017 22:18:00 -0800 David Conrad <drc@virtualized.org> wrote:
Andre, On Jan 3, 2017, at 9:57 PM, ox <andre@ox.co.za> wrote:
When respected Internet Engineers and organizations develop standards for Internet software that completely ignores ethics, morality, honesty and is pale and anemic in the truth department?
You've developed quite the messianic complex here.
You do not say why this is not true. or not factual. or not correct. You prefer to reply that I have psychological diversion, or fake beliefs, instead of playing the ball... Nice.
I strongly object to RPZ being peddled as a "standard" by the Internet Community.
The presumed draft you're unhappy about (https://datatracker.ietf.org/doc/draft-vixie-dns-rpz/) is informational. It is not a standard.
not yet a standard. operational word, I guess, is yet. so there is still time to create awareness and to speak out.
RPZ will destroy the Internet - people are lazy (i am lazy also)
Actually, it is the people who do stuff that makes RPZ a solution that are destroying the Internet. RPZ is a hack that some folks find useful in addressing particular forms of abuse, nothing more.
And, this, in your argument, makes it okay to pave the road to make this fait accompli in terms of what is acceptable Internet standards or modus. Never mind that it is evil, wrong, immoral or at best, unethical?
Quite obviously we, as an Internet Community, already no longer cares much about the truth of something, which is also why we live in a post-truth planet.
Yow. RPZ is a tool. You don't like that tool? Don't use it. You care about the "truth"? Do your own DNSSEC validation.
Sure, there are many tools, hacker tools, 0day scripts (for kidd1eS) but none of them have their own informational IETF draft, on its way to becoming a standard, if not opposed.
Personally, I'd prefer a world where there are fewer tools that are well described, even if some times those tools may be used in ways that I don't agree with, than in a world of a myriad of tools, poorly described, all trying to solve the same problem (using a solution I may not agree with), doing it in ways that are incompatible. Or do you think that by refusing to document something that it magically goes away?
Your argument above is the same basic argument that has been stated before and simply boils down to: "This is the way things work, will work in the future and if I do not like it, make my own Internet." - and you added that it is good to have everything documented. Why do you not discuss the real issues? This is also how the "other side" buries the real issues, by wind, air and fake truth. The truth is: I do not have a messianic complex The further truth is that you have made it abundantly clear how you "feel" and I thank you for your "feelings" in this regard. The truth is, very obviously, you do not care about the truth :) Andre
Hi,
The presumed draft you're unhappy about (https://datatracker.ietf.org/doc/draft-vixie-dns-rpz/) is informational. It is not a standard.
not yet a standard. operational word, I guess, is yet. so there is still time to create awareness and to speak out.
More than that, it hasn't yet been adopted by the dnsop working group in the IETF, where a similar discussion is happening, and I don't believe the authors have stated an aim for an individual submission RFC. Raising awareness of RPZ is good, however it's an operational tool that many service providers and enterprises might want in their arsenal (even if as an opt-in). The best place to discuss furthering (or otherwise) RPZ is likely to be on the IETF's dnsop list. Cheers, Rob
On Wed, 4 Jan 2017 09:31:37 +0000 Rob Evans <rhe@nosc.ja.net> wrote:
The presumed draft you're unhappy about (https://datatracker.ietf.org/doc/draft-vixie-dns-rpz/) is informational. It is not a standard. not yet a standard. operational word, I guess, is yet. so there is still time to create awareness and to speak out. More than that, it hasn't yet been adopted by the dnsop working group in the IETF, where a similar discussion is happening, and I don't believe the authors have stated an aim for an individual submission RFC. Raising awareness of RPZ is good, however it's an operational tool that many service providers and enterprises might want in their arsenal (even if as an opt-in).
This is also maybe a good discussion to have in an abuse wg on a different thread:Why "DNS Firewalls" and RPZ is the wrong abuse tool to use or why it is a "good tool" for providers and enterprises to use. Whether "walled off Internet gardens" is a good thing for abuse and how that balances out with freedom, openness and the other pesky problems. About this thread though, it is very important that any inkling of this becoming an RFC needs to generate much more interest and involvement than DNS ops. Judging from where RPZ is at now: Adding DECEPTION to LIES, and producing different lies depending on which user is asking the questions, is patently and clearly not good. Arguments that we need to become killers because there are killers is simply not in the best interests of a free and open society. DNS ops quite obviously cannot be objective, AND they cannot be left alone with this issue. It is clear where this laissez-faire re RPZ has led and produced over the past 7? years! And abuse admins will be directly impacted by the adoption of this as a standard.
The best place to discuss furthering (or otherwise) RPZ is likely to be on the IETF's dnsop list.
Not really. (and I have already done that anyway) It is the DNS Op's whom are in need of protection against themselves. As I said above, the drift over the past years has been to use non ethical, dishonest methods (and now also to even use deception and hide their lies) - Non acceptable and the abuse admins and others need to become involved as the situation is not fixing itself. It is the entire methodology and flawed foundation of the entire RPZ protocol that is in question. if you build a house foundation in clay, your walls will crack. If the majority here agrees that RPZ is evil, then we may start discussing why DNS is better used as a reactive abuse tool and poorly suited to "firewall" use and that it is completely wrong to promote a method that involves promoting dishonesty. If the majority does not agree that RPZ is evil, as you seem not to yourself? then we still need to discuss the WHY you think it is not evil and why you think it is a good idea to tell different lies to different users and to hide the truth from your own users, etc etc Andre
participants (3)
-
David Conrad -
ox -
Rob Evans