Evan Hunt wrote:
> On Fri, Sep 08, 2017 at 06:43:52PM -0700, Paul Vixie wrote:
> > not so fast. nxdomain redirection is an attack. censorship is an attack.
> > i don't think you mean to group ttl stretching in with those attacks.
> > because if you do, then we agree, it is an attack, and ought not be
> > done, and certainly ought not be standardized in any form.
>
> They're both lies, and TTL stretching is a lie, and in principle I
> believe the DNS should not lie, but filter-aaaa and dns64 and RPZ all
> had good and worthy reasons, and nxdomain redirection had bad reasons
> with dollar signs next to them, and here we are.
>
> Just as with RPZ, it seems reasonable to publish guidance on how to
> do the kind-of-bad thing in the least bad way.

rpz is a defense. it assumes that the content owner is trying to hurt
me. it is therefore one step away from being an attack, and is in any
case, not an attack.
i think that attack-p is more relevant than lie-p for this discussion.
--
P Vixie