Andrew Sullivan wrote:
On Thu, Nov 13, 2008 at 08:18:01AM -0800, Dave CROCKER wrote:
The difficulty is that the current line of argument is that because some
DNSBLs are operated badly, DNSBLs are bad.
I think that's not quite fair. My impression is that there is more
than one line of argument. Here are some different ones that I have
observed in this discussion, some of which seem never to be getting
answers. (Or, sometimes, they seem to be getting answers that are
counter-arguments the the first. I believe philosophers would call
those examples of the straw person fallacy.)
1. Some DNSBLs are bad, therefore all DNSBLs are bad. (The one you
note, and which is obviously bogus.)
Obviously.
2. DNSBLs are in themselves bad, because there is no way to guarantee
that they won't contain false positives; they are nevertheless
possibly useful, but the trade-offs are inadequeately described in the
current document.
If all that's missing is a few sentences in the Security Considerations
section, I'm sure that we can get somewhere with that, on the other
hand, discussion of those types of tradeoffs probably don't belong in
this draft, but a BCP.
3. DNSBLs are not in themselves bad, but the implementation of them
as described in the current draft (which does describe the current
state of the art in DNSBLs) _is_ bad. The current behaviour and the
desirable behaviour ought to be separated, and one described while the
other is standardized.
Behaviour of DNSBL != information transfer protocol. The document at
hand only describes the protocol, and should only describe the protocol,
and the security considerations should be on the protocol, not the
behaviour. "Behaviour" is better described in another document. Like
the BCP I'm supposed to finish the .05 revision on ASAP.
[If I can stop following this thread maybe I'll get it finished.]
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf