On 12/29/16 1:51 PM, william manning wrote:
> "let's standardize this 'cause everyone does it" sounds like the medical
> community should have standardized on whiskey & leeches & coat hangers
> because that's what everyone did. if this work does proceed, i'd like to
> insist that it carry a disclaimer that it is designed specifically for
> closed networks and is not to be used in the Internet.

this sounds like an applicability statement to be included in the introduction.

> Indeed, the draft is very clear this is for enclaves and not for open
> Internet use.
>
>
> /Wm
>
> On Thu, Dec 29, 2016 at 10:15 AM, Vernon Schryver <v...@rhyolite.com> wrote:
>
> > From: Richard Clayton <rich...@highwayman.com>
>
> > Everyone involved understands that there isn't at present a turnkey
> > application that the other 5% (and indeed all the in-house corporate
> > systems) could deploy....
>
> I do not understand that.
> If the command `nslookup -q=txt -class=CHAOS version.bind` to a UNIX
> shell or Windows command prompt on your desktop says anything about
> BIND, then chances are good that you are already using one of the
> turnkey applications that in-house corporate systems and others have
> already deployed and could configure. Even if there is no sign of
> BIND9 from that `nslookup` command, the odds are good that the recursive
> server you use has an RPZ taint or will have within months.
>
>
> > So although deploying RPZ does a reasonable job of papering over the
> > cracks in our response to cybercrime I think that on balance it's too
> > dangerous a tool for the IETF to wish to bless in any way -- it's poor
> > social hygiene to standardise these types of tools.
>
> While I understand how a reasonable person can hold that position,
> I think the papered cracks are not only less bad, but the best that
> can be hoped for in the real world.
>
>
> > I also note from reading the draft that this blessing will freeze in
> > some rather ugly design (with the authors arguing that the installed
> > base cannot adjust to something cleaner).
>
> That is not the intended meaning of the draft. Instead it tried to
> acknowledge the extreme difficulty of changing an installed base.
> Words that convey that intended meaning would be appreciated.
>
>
> Vernon Schryver    v...@rhyolite.com
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop