Hi, Per assorted comments in this thread….a couple of observations from one WG chair.
It’s my sense at least that the WG was clear that there’s some interest in publishing an informational document about RPZ, given that it’s widely deployed and considered useful by certain admins in certain situations, but that such a potential RFC should have more detailed discussion than the initial draft of drawbacks and cautions regarding the use of this technology. It also seemed to me that the usual rules apply: authors on a WG document are committed to working through WG discussion to consensus. If that doesn’t work out, the authors can be replaced or the document abandoned. I still think there’s a possible consensus view that will allow a version of this document to proceed, if it meets the constraints we’ve discussed. If not, we will not have consensus to advance it, and an eventual WGLC will tell us so. As our AD pointed out, that’s awkward but hardly unprecedented. Finally, folks should feel free to offer the cautions they think the document should include, but as Andrew already noted, text that claims to speak for the IAB or ISOC or other organizations is out of scope for us as an IETF WG and will not be added to the document. thanks, Suzanne > On Mar 13, 2017, at 3:46 AM, Ray Bellis <r...@bellis.me.uk> wrote: > > On 13/03/2017 05:35, william manning wrote: >> Joel, >> >> I'd be happy to see the document proceed under two conditions: 1) it >> becomes a WG document, subject to IETF change control, and 2) that the >> disclaimer requested back on 20170103 be added to the document. To >> refresh the collective mind, here is the missing text: >> >> applicability statement. >> >> This draft is documents a process and method for intercepting DNS >> queries and fabricating responses to redirect the querier into a walled >> garden or enclave that is NOT part of the open Internet. Adoption and >> acceptance of this draft is an acknowledgement that the IETF, the IAB >> and ISOC reject the principles espoused >> at https://open-stand.org/about-us/principles/ >> <https://open-stand.org/about-us/principles/>, in particular article 3. >> Collective Empowerment insofar as the evolution of the DNS is concerned. > > Very strong -1 against that text, here! > > RPZ is already in very widespread use on the open Internet, especially > as a means to protect end users against botnet C&C hosts. > > Ray > > ob. disclaimer - I work for a DNS vendor that implements RPZ > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
