Niels and all,

At 2017-04-11 14:50:13 +0200
Niels ten Oever <[log in to unmask]> wrote:

> Have you all followed the discussion around RPZ ? It is a
> (proposed)protocol which allows for the blacklisting of certain
> addresses, reportedly to address malware, but you can imagine how this
> could be used differently.

To be clear, this is not a proposed protocol, it is code running in
production on many high-volume resolver installations. The IETF effort
is an attempt to standardize this to insure interoperability between
vendors.

> https://tools.ietf.org/html/draft-ietf-dnsop-dns-rpz-00
> 
> https://dnsrpz.info/
> 
> http://www.circleid.com/posts/20100728_taking_back_the_dns/
> 
> Is this a discussion that has also been held in ICANN, or is this a
> 'let's route around ICANN'-kind of solution?

Certainly improved ability to block domains will impact ICANN's
constituents, so it probably makes sense to follow the work and for
interested ICANN participants to join any discussions in the IETF.

However I believe that RPZ is outside of ICANN's remit. As such I
don't believe that there is any direct role for ICANN in this, beyond
the possible work of IANA in publishing any eventual RFC's that arise.

Cheers,

--
Shane