
Dan Bernstein's issues about namedroppers list operation

2003-01-10 09:28:12
Dan Bernstein has been making repeated claims that Randy is censoring
his postings to namedroppers. I took a look at the claims he has made
and here is how I see things.

Executive summary: I see no evidence that Randy is censoring postings
from Dan. It is the case that some of his messages do not appear to
have made it out on namedroppers, but it is unclear why this is.
Furthermore, given that most of these missing messages were cc'ed to
other lists (i.e., the ietf and iesg lists), there is no evidence of
censorship.

Namedroppers is a posters-only mailing list that is run in conformance
with the policies outlined in
http://www.ietf.cnri.reston.va.us/IESG/STATEMENTS/mail-submit-policy.txt.

Specifically, all mail sent to namedroppers is:

1) first run through spamassassin. Mail that is rejected here is not
   archived, as the number of such messages is large. All mail sent to
   mailing lists on the server hosting namedroppers is run through
   spamassassin, so this is not a namedroppers-specific procedure.

2) if sent by a subscriber to the mailing list (or by someone in the
   known posters list), the message is sent immediately.

3) Otherwise, it is queued waiting for approval (or rejection) by the
   mailing list operators. Both Randy and Mark Kosters see these
   rejected postings. Mark has indicated that he has seen no rejected
   postings that were not forwarded to the namedroppers mailing list
   that should have been.

It does appear that *some* of the messages that Dan has sent to
namedroppers have not appeared on the namedroppers mailing list. But
it is unclear why that happened. At the time of these postings, some
of his other messages have gone through. Also, most of the messages
that didn't appear did appear on other mailing lists that were
cc'ed. It is unclear why those messages did not make it to
namedroppers, but now that Dan's posting address is in the list of
known posters for namedroppers, and his mail seems to be getting
through, it seems best to just keep an eye on further problems and
investigate them as soon as they happen (e.g., when relevant logs are
available). I see no evidence that Randy (or anyone else) is singling
out anyone's postings for rejection.

Details on specifics follow.
   
"D. J. Bernstein" <djb(_at_)cr(_dot_)yp(_dot_)to> writes:

Bush imposed his mailing-list control methods without IESG approval, in
violation of RFC 2418, section 3.2. He has been caught engaging in
content-based censorship several times:

   http://cr.yp.to/djbdns/namedroppers.html

    Background

The DNS protocol is covered by various IETF specifications.
Unfortunately, obeying those specifications is not sufficient to ensure
interoperability with BIND, in part because the specifications are
ambiguous or otherwise flawed, and in part because BIND violates the
specifications in many ways.

These facts have hurt competition, and contributed to BIND's market
share, at the expense of the users. For example, one site using lbnamed,
a special-purpose DNS implementation, has had interoperability problems
with BIND, and has been planning to abandon lbnamed in favor of BIND,
even though this means giving up some useful features.

In late 1999, after yet another BIND security hole was announced, I
wrote a free BIND replacement. Interoperability among DNS
implementations is, of course, essential. I found the IETF
specifications horribly inadequate.


    The namedroppers mailing list

IETF carries out its DNS protocol standardization activities within the
DNSEXT working group. The DNSEXT mailing list is
namedroppers(_at_)internic(_dot_)net, also known as comp.protocols.dns.std.

This is old and incorrect, for quite some time. The mailing list is
namedroppers(_at_)ops(_dot_)ietf(_dot_)org. Mail from the mailing list
may be gatewayed
one-way to usenet, but the reverse is not true. [Actually, I've been
told that usenet mail is selectively being forwarded back to the list
by someone, but it seems "very selectively", as this has happened to
only a handful of messages in several months.]

``Within the scope of this WG are protocol issues, including message
formats, message handling, and data formats,'' the DNSEXT charter says.
Several specific issues have been identified as work items, but other
DNS protocol issues remain clearly within the charter. In particular,
namedroppers is obviously the right forum for implementors to discuss
current and future DNS interoperability problems.

Unfortunately, namedroppers is being run in a way that slows down, and
sometimes prevents, public communication among DNS implementors.

Messages to namedroppers are not forwarded directly to subscribers. They
are first sent to Randy Bush. They wait for Bush's review. Bush
discards, edits, or misdirects messages that he doesn't like, and passes
along what's left.

Here are some specific examples. Many of these incidents involved
opsmail.internic.net, which used some painfully slow, creaky, obsolete
software to distribute messages to subscribers.

    * 1998-12: Bush discarded a message from Richard Sexton commenting
      on a proposed extension to MX records, a DNS protocol element.
    * 1998-12: Bush edited a message of mine, unilaterally removing a
      paragraph at the top that asked why opsmail was so slow. How is
      someone supposed to find out what the namedroppers subscribers
      think of how the mailing list is run, if complaints to the list
      are censored?
    * 1999-01: Bush discarded a message from Richard Sexton about client
      interpretation of the AA bit, a DNS protocol element, by NSI, the
      operators of some well-known DNS TLDs.
    * 1999-12: Bush discarded a message of mine
      <namedroppers/19991219005223-16101-qmail(_at_)cr-yp-to> concerning yet
      another DNS protocol violation by BIND. ``This belongs in
      bind-users(_at_)isc(_dot_)org, not namedroppers,'' Bush told me
      <namedroppers/e11zwx7-0000lb-00(_at_)roam-psg-com>, incorrectly.
    * 1999-12-31: opsmail finally sent a message that it had received on
      1999-11-04, nearly two months earlier, to a namedroppers
      subscription address that had been removed from the list on
      1999-11-25.
    * 1999-12-31: I sent an urgent message
      <namedroppers/19991231010737-16203-qmail(_at_)cr-yp-to> to namedroppers
      attempting to confirm rumors of a DNS server bug that, if true,
      would have been triggered on occasion by my new DNS cache. Someone
      else sent a message to namedroppers 14 hours later, and then
      another message 4 hours after that; 12 minutes later, Bush sent
      those two messages to opsmail; several hours later, opsmail
      finally forwarded the messages to me. A day later, I asked Bush
      why my message hadn't appeared yet. He finally sent my message to
      opsmail three days after I had sent it. I saw a copy from opsmail
      several hours after that.
    * 2000-01-12: I sent another message
      <namedroppers/20000113013505-28147-qmail(_at_)cr-yp-to> to namedroppers
      pointing out a security problem that I had described on bugtraq,
      and asking DNSEXT to fix the relevant RFC, which had been
      co-written by Bush. My message never appeared on namedroppers.
      Bush didn't send me an explanation. I learned much later that Bush
      had deliberately misdirected
      <namedroppers/20000123065236-2897-qmail(_at_)cr-yp-to> my message,
      sending it to the dnsop mailing list.
    * 2000-01-28: I sent a message
      <namedroppers/20000128015807-6574-qmail(_at_)cr-yp-to> to namedroppers
      pointing out how Bush's censorship activities had biased DNSEXT
      discussions, and a message
      <namedroppers/20000129035223-3523-qmail(_at_)cr-yp-to> to namedroppers
      criticizing Bush's unilateral statement of the namedroppers scope.
      These messages were direct responses to recent namedroppers
      messages, the first by Thomas Narten, the second by Bush. Bush
      sent both messages back to me, without saying explicitly what he
      had done with them.
    * 2000-02-20: I pointed out
      <namedroppers/20000220195445-21265-qmail(_at_)cr-yp-to> on namedroppers
      that thousands of system administrators were using dotted-decimal
      domain names in MX records. There was some discussion on
      namedroppers. Rob Austein and Bill Manning asked for evidence;
      Bush claimed that he couldn't find even a single example ``in
      almost twenty thousand zones secondaried here from all over the
      world.'' A few days later, I sent survey results
      <namedroppers/20000225221016-31751-qmail(_at_)cr-yp-to> to namedroppers
      showing that there were approximately fifteen /thousand/
      second-level .com domains with dotted-decimal domain names in
      their MX records, usually with no other MX records. My message
      never appeared on namedroppers. ``Please report bugs in peoples
      zone files to the people with the bugs, not namedroppers,'' Bush
      told me.
    * 2000-02-21: Bush discarded a message from Dean Anderson
      <namedroppers/3-0-32-20000221220332-01705a94(_at_)odie-av8-com>
      supporting expansion of the MX protocol definition to allow
      dotted-decimal domain names.
    * 2000-02-23: I sent another message
      <namedroppers/20000223081350-27092-qmail(_at_)cr-yp-to> to namedroppers
      objecting to Bush's censorship. Bush discarded my message.
    * 2000-03-12: I sent a message
      <namedroppers/20000312222447-11277-qmail(_at_)cr-yp-to> to namedroppers
      asking about DNS query transmission strategy. Bush wrote back:
      ``if your question is about the protocol, then fine. if it is
      about how the dns operates and how folk's implementations effect
      that, then post it to the mailing list for that implementation or
      to the dnsop list. i.e. keep your bind bashing off this list.'' I
      responded: ``My message asks about an efficiency problem in the
      DNS protocol, and gives some illustrative examples. Are you going
      to pass my message along to the list, or not?'' Bush discarded my
      messages without further comment.
    * 2001-03-17: I sent a message
      <namedroppers/20010317134602-7103-qmail(_at_)cr-yp-to> to namedroppers
      objecting to a BIND company proposal to modify the DNS protocol.
      Bush discarded my message without comment.

All of the above is so old there is no point in discussing again. See,
for example, http://www.iab.org/Documents/BernsteinAppealResponse.txt

    * 2002.11.17: I sent a message
      <namedroppers/20021117174553-55961-qmail(_at_)cr-yp-to> to namedroppers
      objecting to Bush and Gudmundsson sending the axfr-clarify
      <axfr-clarify.html> document to the IESG, and summarizing ten
      problems with that document. Bush silently discarded my
      message.

This message was sent to the iesg, ietf and namedroppers mailing
lists. The message did make it out on at least the iesg mailing list
(where I saw a copy), but I do not see it in the namedroppers archive.

    * 2002.11.20: I sent a message
      <namedroppers/20021120084916-34961-qmail(_at_)cr-yp-to> to namedroppers
      discussing the lack of consensus behind axfr-clarify and
      complaining about Bush's censorship. Bush silently discarded my
      message.

Again, this message was posted to the ietf, iesg and namedroppers
lists. I see this message did get posted to the iesg list; I do not see
it in the namedroppers archive.

    * 2002.11.20, continued: I sent a message
      <namedroppers/20021120103907-63440-qmail(_at_)cr-yp-to> to namedroppers
      discussing the interoperability problems in axfr-clarify. Bush
      silently discarded my message. After Bush wrote (on another list)
      ``it is easy to miss and therefore delete mis-posts,'' I sent a
      message <namedroppers/20021120202122-31601-qmail(_at_)cr-yp-to> to
      namedroppers saying ``Funny how this happens so often for people
      you disagree with'' and reminding Bush that he was causing
      problems for newsgroup readers, sublist readers, and ``readers
      with private subscription addresses''; Bush allowed that message
      through.

Again, this message was posted to the ietf, iesg and namedroppers
lists. I see this message made it to the iesg list; I do not see it in
the namedroppers archive.

    * 2002.11.20, continued: I sent a message
      <namedroppers/20021120203439-43796-qmail(_at_)cr-yp-to> to namedroppers
      discussing the use of separate TCP/UDP ports. Bush silently
      discarded my message.

This note was allegedly sent to namedroppers (and nowhere else). It
is not in the namedroppers archive. It is noted, however, that other
messages from Dan did appear on namedroppers that day.

      My subscription address stopped receiving messages from the
      namedroppers mailing list. About 40 hours later, I asked Bush what
      was going on:

          Is that address still on the list? If not, why not? Does your
          software reveal subscription addresses? Does it allow
          unconfirmed unsubscription requests? Does it use
          non-cryptographic cookies in confirmation notices? If the
          address is still on the list, why aren't the outgoing messages
          being delivered? Is there some general problem with all
          addresses?

      Suddenly the messages all came through.

Can't say what this was all about. Temporary mail problems?

    * 2002.11.23: I sent a message
      <namedroppers/20021123061646-22603-qmail(_at_)cr-yp-to> and another
      message <namedroppers/20021123172816-71385-qmail(_at_)cr-yp-to> to
      namedroppers. Bush promptly forwarded both messages. However, in
      the second message, he manually inserted my subscription address,
      despite my previous comments about private subscription addresses
      and forged unsubscription requests. (Was this malicious, or was it
      just mind-bogglingly stupid?)

Or perhaps, it was to make it clear to the poster which address the
posting was coming from, since there seems to be confusion at times
about whether someone is posting from the same address to which they
are subscribed.

"D. J. Bernstein" <djb(_at_)cr(_dot_)yp(_dot_)to> writes:

    * 2002.11.25: I sent a message
From: "D. J. Bernstein" <djb(_at_)cr(_dot_)yp(_dot_)to>
To: namedroppers(_at_)ops(_dot_)ietf(_dot_)org
Cc: sob(_at_)harvard(_dot_)edu
Date: 15 Dec 2002 03:18:14 -0000
Subject: Re: repeating records
Automatic-Legal-Notices: See http://cr.yp.to/mailcopyright.html.

I've noticed that Randy Bush discarded Len Budney's note on this topic:
http://groups.google.com/groups?selm=asnul4%24640g%241%40isrv4.isc.org

Not so.  Len's note was posted to usenet, not to the namedroppers
mailing list. Mail from usenet cannot be assumed to get gatewayed back
to the mailing list.

Thomas