
Re: [Asrg] draft-irtf-asrg-dnsbl-02.txt

2005-12-06 12:47:27
On 2005-12-06 08:59:22 -0800, Douglas Otis wrote:

> On Dec 6, 2005, at 12:59 AM, Peter J. Holzer wrote:
>
>> On 2005-12-05 10:50:29 -0800, Douglas Otis wrote:
>>> There could be a minor concern regarding the use of the term
>>> blacklist.  This could create additional expenditures explaining how
>>> an IP black-hole list (terminology used in BGP) is different from the
>>> blacklisting of an individual, as such definitions carry significant
>>> legal importance.  It may be helpful to substitute the term
>>> "black-hole list" for "blacklist."
>>
>> I don't think so. The terms "blacklist" and "whitelist" have well
>> defined meanings. A blacklist is a list of known bad guys (well,
>> usually not guys, but IP addresses, domain names, email addresses,
>> public keys or whatever your list contains) by some criteria,

And, just in case that wasn't clear, these criteria don't have anything
to do with moral concepts of "good" and "bad" or with legal concepts. They
don't even have to make universal sense.

>> while a whitelist is a list of known good guys. What you do with
>> those lists is up to you.

As the draft itself mentions, even the definition of whether something
is a blacklist or whitelist is up to the user of the list. The same list
may be used by some as a blacklist and by others as a whitelist.

>> The term "blackhole list" otoh suggests strongly the purpose of the
>> list: The addresses on the list should be blackholed, i.e., any
>> traffic from (and maybe to) them dropped.
>
> Black-holing is exactly how the BGP version of the list works.

Er, you might not have noticed, but this draft is not about the RBL, but
about DNS blacklists and whitelists in general. There are now more than
one and the RBL is mainly of historical interest.

> All traffic is "black-holed" for that IP address.

Right. And this is NOT what a blacklist is about. So blackhole list is the
wrong term for a DNSBL.

> The term blacklist also has other legal meanings that should be
> avoided if possible.

This is a technical paper, not a legal one. It is often the case that
the same term has different meanings for people of different
professions.

If I'm running a slave DNS server, I won't get into conflict with
anti-slavery laws.

> Black-hole is more illustrative of the treatment given the traffic,

It is illustrative for one of many possible treatments. It suggests that
this is the only possible treatment, which is bad.

> rather than suggesting this involves an individual as referenced in
> various laws.

It has nothing to do with laws. It doesn't even have anything to do with
individuals. The entities referenced in DNSxLs are usually IP-addresses,
not individuals.

If you have a (possibly infinite) set of entities, and you want to treat
some of these in some way better than others (e.g., by accepting mail
from them, relaying mail for them, accepting larger attachments or more
types of attachments, etc.), you have two possibilities:

1) You can make a list of all those which you want to treat better (the
   whitelist)

2) You can make a list of all those which you want to treat worse (the
   blacklist)

Generally, you will base your decision on whether you choose the
whitelist or blacklist approach on the size of the resulting list (you
especially don't want an infinitely long list) and on which side you
want to err for previously unknown entities: The whitelist approach errs
on the side of caution: Everybody who isn't on the good list is presumed
bad. The blacklist approach is optimistic: Everybody not on the bad list
is presumed good.

        hp

-- 
   _  | Peter J. Holzer    | I now realize that computers are not
|_|_) | Sysadmin WSR       | well suited to remembering things.
| |   | hjp(_at_)hjp(_dot_)at         |
__/   | http://www.hjp.at/ |    -- Holger Lembke in dan-am


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg