Andrew Sullivan wrote: > On Thu, Nov 13, 2008 at 08:18:01AM -0800, Dave CROCKER wrote: >> The difficulty is that the current line of argument is that because some >> DNSBLs are operated badly, DNSBLs are bad. > > I think that's not quite fair. My impression is that there is more > than one line of argument. Here are some different ones that I have > observed in this discussion, some of which seem never to be getting > answers. (Or, sometimes, they seem to be getting answers that are > counter-arguments the the first. I believe philosophers would call > those examples of the straw person fallacy.) > 1. Some DNSBLs are bad, therefore all DNSBLs are bad. (The one you > note, and which is obviously bogus.) Obviously. > 2. DNSBLs are in themselves bad, because there is no way to guarantee > that they won't contain false positives; they are nevertheless > possibly useful, but the trade-offs are inadequeately described in the > current document. If all that's missing is a few sentences in the Security Considerations section, I'm sure that we can get somewhere with that, on the other hand, discussion of those types of tradeoffs probably don't belong in this draft, but a BCP. > 3. DNSBLs are not in themselves bad, but the implementation of them > as described in the current draft (which does describe the current > state of the art in DNSBLs) _is_ bad. The current behaviour and the > desirable behaviour ought to be separated, and one described while the > other is standardized. Behaviour of DNSBL != information transfer protocol. The document at hand only describes the protocol, and should only describe the protocol, and the security considerations should be on the protocol, not the behaviour. "Behaviour" is better described in another document. Like the BCP I'm supposed to finish the .05 revision on ASAP. [If I can stop following this thread maybe I'll get it finished.] _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf