This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[cooperation-wg] DNS-based filtering
- Previous message (by thread): [cooperation-wg] DNS-based filtering
- Next message (by thread): [cooperation-wg] DNS-based filtering
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Meredith Whittaker
meredithrachel at google.com
Tue Jan 28 23:42:17 CET 2014
Echoing Patrik, I too just got a chance to read Pier's document carefully, and I, too, like it :) In fact, a moment of congratulations and thanks to Pier for striking out and pulling together something comprehensive! The structure is really good, and the lively debate on this thread indicates that the work here is on the right path. With that, I have one high-level, two-paragraph comment that I hope adds to the discussion. I would suggest removing the target audience -- here started as law enforcement and governments -- and dedicating this work more broadly to anyone who's interested in this topic and would like a basic understanding of mechanisms and approaches used by *whoever* to block or prevent access to content. This expands the document a bit, but I think presents a clearer conceptual framework: how to actors that want to block content go about doing it, from asking ISPs to block specific IP addresses, to DDOS attacks, to whatever in between. What are the technical means, good or bad? In that spirit, while I think you've done an admirable job staying away from ascribing a value to specific acts of content blocking/filtering, I would suggest pruning even further. Page 8 and 9 suggest means of using these techniques for "preventing access to illicit content." I would suggest removing this section -- these same technical means are used both to prevent access to child pornography (the canonical example), and to silence political speech and quiet debate that threatens those in power, &c. Insofar as this is a document focused on the means, not the ends, speculating on "good" vs. "bad" modes of filtering/blocking, even implicitly, leads quickly to our having to justify one or another ethical viewpoints, and I think confuses the clarity of the document. At this stage, I would suggest thinking of others we might want to bring into the discussion. Are there folks who have experience here and could add more detail? Do we want to expand on specific modes of blocking (DPI/filtering boxes, and their similarities and differences, for example)? In my view its always good to add as much as possible in the beginning, ensuring that everything is covered, then remove and distill during the editing process. (And, as before, I'm more than happy to help with editing.) Cheers, and thanks again, Meredith On Tue, Jan 28, 2014 at 8:02 AM, Jim Reid <jim at rfc1035.com> wrote: > On 26 Jan 2014, at 15:08, Michele Neylon - Blacknight < > michele at blacknight.com> wrote: > > > And I thought this paper was about domains more than domain registries? > > Indeed it is. However the point I made remains. So I repeat it: > > DNS service for some domain does not necessarily rest with a single > entity. ie all the authoritative name servers for a domain might not be > under the same administrative and operational control: SLAs, reporting and > incident response procedures, legal jurisdictions, contracts, T&Cs, etc. > > Even if all the names you manage for your customers are on Blacknight's > DNS servers Michele, it doesn't follow that every domain name registration > with every other registrar follows that model. > > A government or regulator who is thinking about deploying DNS > filtering/blocking or whatever needs to bear that in mind. > > > -- Meredith Whittaker Program Manager, Google Research Google NYC -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/cooperation-wg/attachments/20140128/ba68e365/attachment.html>
- Previous message (by thread): [cooperation-wg] DNS-based filtering
- Next message (by thread): [cooperation-wg] DNS-based filtering
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]