As far as I can tell, you are deflecting my serious concerns rather than 
responding to them.   I’m asking you to describe an actual situation where the 
information you want us to publish would (a) be published and (b) actually work 
as a means of notifying some real person of something, or prosecuting some real 
crime.  I’m going to respond to what you’ve said to point out that it’s not 
serious, but I encourage you not to debate these points with me.  If your goal 
is actually to publish this draft, the right thing to do is come up with some 
good arguments why the IETF should publish it, not to get into a debate over 
details with me.
You respond:
> I most certainly can and do use no information and false information for 
> making policy decisions. In fact, so do you and everyone here, every day. 
> Would you give you credit card information over the phone when receiving a 
> call with no caller ID?

Caller ID is always presumptively forged.  If you actually care about not being 
phished, you should never under any circumstances provide your credit card 
information over the phone if you didn’t initiate the phone call.   You 
shouldn’t even do it then, since telephone conversations aren’t encrypted 
end-to-end.

> You're making an assumption that people SHOULDN'T ever give contact 
> information. That's not true. Every business puts their contact information 
> their website. They WANT to be contact. Individuals often will do the same. 
> On twitter, journalists routinely put their phone numbers.
> 
This isn’t actually true.  People who want anonymous contact do in fact publish 
information that people can use to contact them anonymously, which may be a 
phone number.   It’s also a straw man.  I’m not saying people shouldn’t ever 
give contact information.  I’m saying that people shouldn’t be held hostage in 
such a way that they are forced to _publish_ personal information in order to 
get services.
> As far as pretext for "investigating people", as long as I break no laws, I 
> can't investigate anyone for anything I want at any time I want for any 
> reason I want. So can you. But that's not the question here. Voluntary 
> interconnection is. I can deny people access to my resource for any reason I 
> want.
> 
Repressive regimes often use pretexts to justify their repressive activities.   
It is to this that I am referring when I talk about this as an attack surface.  
Maybe you never engage in improper policing, but we can’t assume that this is 
true everywhere where DNS is used.
> You'd want me (or others) to let you know about compromises, for one. DMARC 
> does this already, in a sense. I get email reports about potential abuse of 
> my domain and spoofing emails. To do this, it needs an email. I get 
> something. But wide-spread adoption is the risk, I don't make any illusions 
> of that.

There is no way in the world that I would ever publish my email address as a 
way to get notifications of compromise.  Not merely for privacy reasons, but 
because the spam rate on that email address would be astronomical, and so I’d 
never see them.

> I can provide lots of use cases and provide others who will attest to the 
> same. Victim notification, correlation of domains and resources, 
> investigations, generating reputational data…
> 
These are nearly all examples of ways this information will be used against me. 
 If you think victim notification is a good use case, can you describe in 
detail how that would work?
> There is no protocol, communication, human endeavor where this will be every 
> true as far as "not used against me". DNS records is entirely voluntary now. 
> You control what you put or don't put in there, no one is changing that. But 
> using it against you or not, someone could use the fact you are running an 
> IIS web server against you.
> 
It’s true that whenever I communicate with anyone, I create a risk for myself.  
So doesn’t it make sense that I would want to control with whom I communicate, 
rather than broadcasting?

> Exactly what ethical standard do you claim is violated here? And if the 
> answer is that you have some unfettered right to access my network resources, 
> that is simply false.

That’s an interesting response, which suggests that you have a use case in 
mind.  The use case you have in mind is that you will deny service to people 
who do not publish this information.  This is exactly the attack surface I was 
describing earlier, and you’ve just said that you intend to use this attack.

Of course it’s your right to deny service to people who don’t identify 
themselves to you.  If you want to do that, the way you do that is by 
establishing a business relationship with them and refusing service to people 
with whom you have no business relationship.  It is not by creating a huge 
database of personal information accessible to everyone, and demanding that 
they publish their information in  this database.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to