On 3/11/11 10:37 AM, John R. Levine wrote:
Chris just sent in a minor update, which you can find here:
http://tools.ietf.org/html/draft-irtf-asrg-bcp-blacklists-08
For people who read -07, the Diff1 button at the top of the page will
produce a redlined diff against -07 and Diff2 will produce side by
side diffs.
The differences are minor and are intended to be editorial. Let us
know if we screwed something up.
John,
In general, this is a well written document, although some of the
guidance reduces the role played by ISPs. In section 2.2.3, there is
too much emphasis on the use of temporary listings, since this will
expose trap locations and eventually make detection less effectual for
anyone other than ISPs monitoring for abuse remediation. A topic fully
overlooked by the draft. This becomes a greater concern when dealing
with a future where bad actors are able to employ unique IP addresses
for every message ever sent.
As indicated in a prior message, the reference for RFC3330 should have
been updated to RFC5735.
It is also technically and conceptually incorrect to place prohibitions
of (third-party) donations within Section 2.2.5 Conflict of Interest.
This prohibition should be moved to a different section. What is meant
by donations should have been better defined, since almost any
requirement imposed by a listing service that incurs an additional cost
could be incorrectly included within this category. Lists must be
allowed to be flexible, since many have been driven out-of-business when
dealing with bot-net related attacks.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg