On Tue, 20 Dec 2016 06:12:42 +0000 Evan Hunt <e...@isc.org> wrote: > On Tue, Dec 20, 2016 at 07:30:43AM +0200, ac wrote: > > You are quite correct, but the minute you answer questions for other > > people the entire situation changes. > Not if they've contracted with me to answer their questions in a way > that protects them from malware, it doesn't. > ianal, my reply and opposition to the publication of the draft is that it is not ethical.
> > To rip the dam from underneath the duck: You cannot legally resolve > > a non google IP number as "google.com" just because your t&c says > > you can do whatever you want. > If google.com is known to be sending malware or spam or other > undesirable content (which it isn't), then of course I can. Or, > instead of remapping the answer, I can return NXDOMAIN. This would I do not see any problems with that, as you are not providing an actual answer > not be theft; it would a service provided to my malware-averse > clientele. If they don't want this to happen then they should use > some other resolver or run their own. > > Now, if I remap google.com in order to *cause* my clients to receive > malware or spam, then yes, I agree that I am being evil, and I hope > everyone is using DNSSEC and SSL certificate validation and other such > mechanisms to detect and avoid this. > imho DNSSEC is the way to go, it obviates the need for RPZ and for DNS ethcis and many other issues. Andre _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
