LISTSERV - NCSG-DISCUSS Archives

NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

	LISTSERV Archives
	NCSG-DISCUSS Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	Re: RPZ & content control
From:	James Gannon <[log in to unmask]>
Reply To:	James Gannon <[log in to unmask]>
Date:	Thu, 13 Apr 2017 12:32:51 +0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (144 lines)
Kinda =)

I think that there is a small advisory role for ICANNs SSR staff in ensuring that any standardization work around DNS resolver has no impact on the root, but I feel that the place for those discussions are in the SDOs such as IETF on this specific case, and indeed David and Ed have weighed in on the DNSOP discussions when RPZ was brought as a candidate for DNSOP adoption.

I will admit I am a fan of the 'ICANN is not a regulator' that we put into the new mission statement, and while I don't think that amounts to a fully hands off approach I do believe that ICANN should be very narrowly concerned with impact on SSR of the DNS (In this case) and not with policy around domain name use and content, which should be left to other venues in my opinion. For example if this was a discussion about GNSO implementing RPZ by policy then I would be having a very different conversation, but if Vixie et al want to bring RPZ to IETF as a standard, then I think they should be allowed to, and that the means for the ICANN community to weigh in should be through DNSOP.  

I didn't raise any response when Neil's brought it here as I think raising awareness is very important, in the 'here something we should be watching as a group of people involved in the IG ecosystem, go to DNSOP and leave your opinions on it there please' way of thinking. But as for a role for the NCSG community acting as a body within ICANN, I don't think there is one within the GNSO as this is not a GNSO policy topic.

And then I weighed in as 100% without any doubt there is 0 role for ICANN Compliance to be notified or complained to about the potential standardization of an existing functionality of BIND by the IETF. We need not to be wasting their time with things like that, they we busy enough as it is with real issues.

-James


(For the record in case I'm misunderstood I think the potential use cases and ramifications of introducing RPZ extensively and standardizing it and thus making it 'acceptable' are huge and risky and need to be very well discussed with the lens of potential abuse and censorship, just not here)


-----Original Message-----
From: Shane Kerr [mailto:[log in to unmask]] 
Sent: Thursday, April 13, 2017 1:21 PM
To: James Gannon <[log in to unmask]>
Cc: [log in to unmask]
Subject: Re: RPZ & content control

James,

RPZ is a technology that resolver operators use, and so certainly ICANN has no ability to tell resolver operators what to do. As Randy Bush says, "my network, my rules".

However, RPZ deployed at large scale will impact registries and authority operators. I think it is correct for ICANN to be concerned about any potential technology that will impact stakeholders, whether this is IDN that makes e-mail break, DNSSEC which makes operations fragile, or widespread censorship and filtering based on DNS.

For an alternate view... the RIRs have maintained for decades that they have no responsibility for the usability of any IP addresses they
issue: no routability guarantees, no guarantee that your mail won't be blocked because the previous holder was a spammer, and so on.

It sounds like you think that ICANN should have a similar stance regarding domain names. In which case, I wonder why there is any vetting of domains at all. Surely we should simply support any domain for any purpose going to the highest bidder? It would make everyones'
job much easier, and we can shut down the NCSG, and indeed almost everything at ICANN except for a half dozen staff or so. ;)

Cheers,

--
Shane

At 2017-04-13 11:45:59 +0000
James Gannon <[log in to unmask]> wrote:

> Speaking just for myself I feel that ICANN has no authority policy or otherwise to tell authoritative server operators down the chain what to do.
> Is it important in the larger scheme of internet governance, yes!! But not within the ICANN sphere and thus not for the NCSG.
> 
> -----Original Message-----
> From: Shane Kerr [mailto:[log in to unmask]]
> Sent: Thursday, April 13, 2017 12:42 PM
> To: James Gannon <[log in to unmask]>
> Cc: [log in to unmask]
> Subject: Re: RPZ & content control
> 
> James,
> 
> While I tend to agree that RPZ as a specific technology is mostly out of ICANN's bailiwick, can we agree that widespread filtering of specific domains is still probably something to track?
> 
> For example, if we discover that certain TLD are heavily blocked by ISP then that may indicate some underlying problem with the way the TLD is used.
> 
> Or if ICANN discovers that an IDN TLD is likely to be blocked then this seems like something that matters to ICANN and its stakeholders.
> 
> Certainly if the NCSG has a reason to think that technology will be used against its stakeholders than the NCSG has reason to be concerned and investigate, IMHO.
> 
> Cheers,
> 
> --
> Shane
> 
> At 2017-04-12 19:31:36 +0000
> James Gannon <[log in to unmask]> wrote:
> 
> > ??
> > This has literally nothing to do with ICANN Compliance?
> > 
> > -James
> > 
> > From: NCSG-Discuss
> > <[log in to unmask]<mailto:[log in to unmask]>
> > > on behalf of Salanieta Tamanikaiwaimaro 
> > <[log in to unmask]<mailto:[log in to unmask]>>
> > Reply-To: Salanieta Tamanikaiwaimaro 
> > <[log in to unmask]<mailto:[log in to unmask]>>
> > Date: Wednesday 12 April 2017 at 19:17
> > To: 
> > "[log in to unmask]<mailto:[log in to unmask]>" 
> > <[log in to unmask]<mailto:[log in to unmask]>
> > >
> > Subject: Re: RPZ & content control
> > 
> > Thanks for picking this up Niels.
> > 
> > The At Large Community has been up at arms on this issue frequently in the past and has made numerous submissions to ICANN's Compliance Team through the ALAC or through the ALS's or individual members.  For institutional memory, in that department you may wish to connect with   Garth Bruen <[log in to unmask]<mailto:[log in to unmask]>>  and he'll give you an update.
> > 
> > On Wed, Apr 12, 2017 at 12:50 AM, Niels ten Oever <[log in to unmask]<mailto:[log in to unmask]>> wrote:
> > Hi all,
> > 
> > Have you all followed the discussion around RPZ ? It is a 
> > (proposed)protocol which allows for the blacklisting of certain 
> > addresses, reportedly to address malware, but you can imagine how 
> > this could be used differently.
> > 
> > https://tools.ietf.org/html/draft-ietf-dnsop-dns-rpz-00
> > 
> > https://dnsrpz.info/
> > 
> > http://www.circleid.com/posts/20100728_taking_back_the_dns/
> > 
> > Is this a discussion that has also been held in ICANN, or is this a 
> > 'let's route around ICANN'-kind of solution?
> > 
> > Cheers,
> > 
> > Niels
> > 
> > PS Sorry if I have missed earlier discussions on this.
> > 
> > 
> > 
> > --
> > Niels ten Oever
> > Head of Digital
> > 
> > Article 19
> > www.article19.org<http://www.article19.org>
> > 
> > PGP fingerprint    8D9F C567 BEE4 A431 56C4
> >                      678B 08B5 A0F2 636D 68E9
> > 
> > 
> > 
> > --
> > Salanieta Tamanikaiwaimaro
> > Director
> > Pasifika Nexus
> > P.O Box 17862
> > Suva
> > FIJI
> > 
> > Cell: +679 7656770
> > Tel: +679 3362003
> > E: [log in to unmask]<mailto:[log in to unmask]>
> > Website: www.pasifikanexus.nu<http://www.pasifikanexus.nu>
>
ATOM RSS1 RSS2
LISTSERV.SYR.EDU