> > adding complexity in the middle of any system increases the size of an
> > attack surface.
>
> +1 This was described in detail several times (see for instance this
> report
> <https://www.afnic.fr/medias/documents/conseilscientifique/SC-consequences-of-DNS-based-Internet-filtering.pdf>)
> and we already saw its consequences for the security and stability of
> the Internet
> <http://www.computerworld.dk/art/214431/koks-hos-dansk-politi-spaerrer-for-8-000-websites>
> (in Danish)
> <http://www.bortzmeyer.org/google-detourne-par-orange.html> (in
> French)

Agreed about the general comment about adding complexity. However,
consider the fact that quite a few operators (I happen to work for one
of them) *already* have this complexity in the system, and the use of
RPZ would actually *reduce* complexity.

Steinar Haug, AS2116

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop