On Mon, 19 Dec 2016 07:53:42 +0100
"Ralf Weber" wrote:
> Moin!
>
Aloha
> > DNS admins also have a fiduciary responsibility to their users.
> > Other services also have implied fiduciary responsibility, like
> > email, but DNS is a direct service - Your user is asking you, right
> > now, for a
Moin!
On 19 Dec 2016, at 6:05, ac wrote:
> On Sun, 18 Dec 2016 23:45:34 +
> "Adrien de Croy" wrote:
>>> If the admin's goal is to block access to malicious sites, then
>>> they want to block the traffic, not falsify DNS. If the goal is
>>> to warn users away from bad places, they can publis
On Sun, 18 Dec 2016 23:45:34 +
"Adrien de Croy" wrote:
> > If the admin's goal is to block access to malicious sites, then
> > they want to block the traffic, not falsify DNS. If the goal is
> > to warn users away from bad places, they can publish the list as a
> > filter for end-system f
On Sun, 18 Dec 2016 10:45:57 -0800
william manning wrote:
this became very relevant to DNSOP list again...
> SMTP configuration is not relevant... That said, the morphing of open
> SMTP services to the tightly controlled heirarchy and draconian
> locally administered rules which prevent delivery
> If the admin's goal is to block access to malicious sites, then they
> want to block the traffic, not falsify DNS. If the goal is to warn
> users away from bad places, they can publish the list as a filter for
> end-system firewalls.
That may be your view about how blocking should work, but
On Sun, Dec 18, 2016 at 07:59:44PM +, Tony Finch wrote:
> Scott Schmit wrote:
> > This doesn't magically make it possible for this DNS firewall to forge
> > DNSSEC-signed data, so if a validating end-system is going to have its
> > behavior modified, it would need to opt in.
>
> That's not e
Scott Schmit wrote:
>
> This doesn't magically make it possible for this DNS firewall to forge
> DNSSEC-signed data, so if a validating end-system is going to have its
> behavior modified, it would need to opt in.
That's not entirely true. An RPZ setup can lie regardless of whether a
client
SMTP configuration is not relevant... That said, the morphing of open SMTP
services to the tightly controlled heirarchy and draconian locally
administered rules which prevent delivery are EXACTLY what this draft
proposes for the DNS.
On Sunday, 18 December 2016, Tim Wicinski wrote:
> Jim is corr
> On 18 Dec 2016, at 15:46, Burkov Dmitry wrote:
>
> Jim,
> but you raise for me another question - if 90% will be served by google,etc -
> what the real value and role of the roots?
Dima, that’s a question to be answered by people well above our pay grade and
we shouldn’t go down that partic
Jim,
but you raise for me another question - if 90% will be served by google,etc -
what the real value and role of the roots?
Dima
> On Dec 18, 2016, at 6:32 PM, Jim Reid wrote:
>
>
>> On 18 Dec 2016, at 15:11, Ralf Weber wrote:
>>
>> There are other ways of reducing the crap to the root ser
Bill,
At IETF 96 in Berlin, Warren gave a presentation discussing how Google
is using this in their recursive servers. Here's the link to the
recorded video for the whole dnsop session:
http://recs.conf.meetecho.com/Playout/watch.jsp?recording=IETF96_DNSOP&chapter=chapter_1
For me the most inter
> On 18 Dec 2016, at 15:11, Ralf Weber wrote:
>
> There are other ways of reducing the crap to the root servers (RFC 7706). I
> don't think NSEC Agressive use will reduce crap a lot as if I remember
> correctly from Geoff Houstons last presentation still around 80% of the
> resolver don't use
Moin!
On 17 Dec 2016, at 20:25, David Conrad wrote:
I presume NSEC Aggressive Use will significantly reduce the amount of
crap hitting the root servers.
There are other ways of reducing the crap to the root servers (RFC
7706). I don't think NSEC Agressive use will reduce crap a lot as if I
re
Jim is correct, this is not relevant
tim
On 12/18/16 7:37 AM, Jim Reid wrote:
On 18 Dec 2016, at 12:28, sth...@nethelp.no wrote:
You're saying that most spam messages contain a Message-ID header.
Please take this discussion somewhere else. It is not appropriate for dnsop.
___
> On 18 Dec 2016, at 12:28, sth...@nethelp.no wrote:
>
> You're saying that most spam messages contain a Message-ID header.
Please take this discussion somewhere else. It is not appropriate for dnsop.
___
DNSOP mailing list
DNSOP@ietf.org
https://www.
> Regarding "Message-ID header" - factually, over 80% of all spam
> (I have not bothered to do the actual number check, it is probably closer
> to 99.99% but I am erring on the side of caution - as this is science
> and not opinion, it is what it is)
>
> - All contain a Message-ID header.
You
On Sun, 18 Dec 2016 07:59:30 GMT
Vernon Schryver wrote:
> > From: ac
> > To: dnsop@ietf.org
> > If any of you are thinking about speaking your mind, there are
> > consequences.
> What consequences are those, besides subjecting me to two instead of
> only one copy of a message that doesn't seem to
> From: ac
> To: dnsop@ietf.org
> If any of you are thinking about speaking your mind, there are consequences.
What consequences are those, besides subjecting me to two instead of
only one copy of a message that doesn't seem to contain improved words
for the RPZ draft?
> v...@rhyolite.com
> ho
18 matches
Mail list logo