[anti-abuse-wg] DNS Abuse, Abuse of Privacy & Legitimizing Criminal Activity

On Wed, 4 Jan 2017 09:31:37 +0000
Rob Evans <rhe at nosc.ja.net> wrote:
> >> The presumed draft you're unhappy about
> >> (https://datatracker.ietf.org/doc/draft-vixie-dns-rpz/) is
> >> informational. It is not a standard.
> > not yet a standard. operational word, I guess, is yet. so there is
> > still time to create awareness and to speak out.
> More than that, it hasn't yet been adopted by the dnsop working group
> in the IETF, where a similar discussion is happening, and I don't
> believe the authors have stated an aim for an individual submission
> RFC.
> Raising awareness of RPZ is good, however it's an operational tool
> that many service providers and enterprises might want in their
> arsenal (even if as an opt-in).
> 
This is also maybe a good discussion to have in an abuse wg on a
different thread:Why "DNS Firewalls" and RPZ is the wrong abuse tool to 
use or why it is a "good tool" for providers and enterprises to use.
Whether "walled off Internet gardens" is a good thing for abuse and how
that balances out with freedom, openness and the other pesky problems.

About this thread though, it is very important that any inkling of this
becoming an RFC needs to generate much more interest and involvement
than DNS ops.

Judging from where RPZ is at now: Adding DECEPTION to LIES,  and
producing different lies depending on which user is asking the questions, 
is patently and clearly not good.

Arguments that we need to become killers because there are killers is
simply not in the best interests of a free and open society.

DNS ops quite obviously cannot be objective, AND they cannot be left
alone with this issue.  It is clear where this laissez-faire re RPZ has
led and produced over the past 7? years!

And abuse admins will be directly impacted by the adoption of this as a
standard.

> The best place to discuss furthering (or otherwise) RPZ is likely to
> be on the IETF's dnsop list.
>
Not really. (and I have already done that anyway) 

It is the DNS Op's whom are in need of protection against themselves.
As I said above, the drift over the past years has been to use non
ethical, dishonest methods (and now also to even use deception and hide
their lies) - Non acceptable and the abuse admins and others need to
become involved as the situation is not fixing itself.

It is the entire methodology and flawed foundation of the entire RPZ
protocol that is in question.

if you build a house foundation in clay, your walls will crack.

If the majority here agrees that RPZ is evil, then we may start
discussing why DNS is better used as a reactive abuse tool and poorly
suited to "firewall" use and that it is completely wrong to promote a
method that involves promoting dishonesty.

If the majority does not agree that RPZ is evil, as you seem not to
yourself? then we still need to discuss the WHY you think it is not
evil and why you think it is a good idea to tell different lies to
different users and to hide the truth from your own users, etc etc

Andre