NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: RPZ & content control
From:
Shane Kerr <[log in to unmask]>
Reply To:
Shane Kerr <[log in to unmask]>
Date:
Tue, 11 Apr 2017 12:58:49 +0000
Content-Type:
multipart/signed
Parts/Attachments:
text/plain (1210 bytes) , application/pgp-signature (847 bytes) 
Niels and all,

At 2017-04-11 14:50:13 +0200
Niels ten Oever <[log in to unmask]> wrote:

> Have you all followed the discussion around RPZ ? It is a
> (proposed)protocol which allows for the blacklisting of certain
> addresses, reportedly to address malware, but you can imagine how this
> could be used differently.

To be clear, this is not a proposed protocol, it is code running in
production on many high-volume resolver installations. The IETF effort
is an attempt to standardize this to insure interoperability between
vendors.

> https://tools.ietf.org/html/draft-ietf-dnsop-dns-rpz-00
> 
> https://dnsrpz.info/
> 
> http://www.circleid.com/posts/20100728_taking_back_the_dns/
> 
> Is this a discussion that has also been held in ICANN, or is this a
> 'let's route around ICANN'-kind of solution?

Certainly improved ability to block domains will impact ICANN's
constituents, so it probably makes sense to follow the work and for
interested ICANN participants to join any discussions in the IETF.

However I believe that RPZ is outside of ICANN's remit. As such I
don't believe that there is any direct role for ICANN in this, beyond
the possible work of IANA in publishing any eventual RFC's that arise.

Cheers,

--
Shane

ATOM RSS1 RSS2