On Thu, Jul 09, 2009 at 11:23:48AM -0400, Livingood, Jason <jason_living...@cable.comcast.com> wrote a message of 69 lines which said:
> If anyone is interested and has time before IETF 75, I'm happy to take
> feedback before then obviously.

Disclaimer: I find the whole idea a very bad one, a violation of network neutrality and certainly a service I would never accept from my ISP.

1) There is a lot of vocabulary which is more propaganda than technical description such as pretending in section 2 that it is an "enhanced" DNS service, which is very questionable.

2) "ISPs and DNS ASPs must provide their users with a method to opt into (opt-in) or out (opt-out) of some or all DNS Redirect services." You need to add "without delay or payment".

3) "Only A and AAAA resource records should be redirected, all other resource record types must be answered as if there was no redirection." Does it mean that a request for MX or SRV, with the same owner name, will return NXDOMAIN? If so, it seems to me a strong violation of the DNS protocol.

4) About DNSSEC, "This case doesn't have widespread deployment now and could be mitigated by using trust anchor, configured by the applicable ISP or DNS ASP, that could be used to sign the redirected answers." That's the most newspeak sentence of the I-D. I suggest calling this feature Authenticated Lie.

5) I find no reference to the two most relevant RFCs here, RFC 4084 and RFC 4924 (section 2.5.2). For instance, ISPs in France which have these "services" never advertise the fact to prospective customers, thus violating RFC 4084.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop