On Sep 24, 2010, at 5:17 19PM, John Levine wrote:

>> IANAL but would think that such practice should expose the operator
>> of the server or proxy to civil and/or criminal action, both from the
>> operators of the zones whose RRs are being misrepresented, and from
>> the users whose applications are affected.
>
> I'm not a lawyer either, but I at least know that fraud requires
> intent.
>
> If a naive user clicks on a link in spam, and the DNS cache intercepts
> the request and returns a pointer to a warning page rather than a
> Ukrainian malware site, that's not fraud, that's a service. If you
> claim otherwise, people will look at you quizzically, like you're
> spouting nonsense, which under the circumstances would be
> understandable. It also reinforces the perception that the IETF is
> out of touch and hasn't noticed that it's no longer 1990.
>
> Any analysis of DNS spoofing needs to take into account intentions and
> tradeoffs. On networks of consumer PCs, intercepting requests for
> malware sites is a 100% win. I'm not thrilled about the practice of
> replacing NXDOMAIN with the A record of a page of links to lexically
> similar web sites, but the actual harm of doing that on consumer
> networks (not networks with servers) is pretty hard to show.
> Replacing a valid record that isn't a pointer to malware with another
> is indeed bad, but I don't know anyone who does that.

It will be interesting to see what will happen to these "services" when DNSSEC is used more widely.

Me -- VPNs are your friend; I use them to deflect all sorts of damage.

--Steve Bellovin, http://www.cs.columbia.edu/~smb