On Sep 24, 2010, at 5:17 PM, John Levine wrote: >> IANAL but would think that such practice should expose the operator >> of the server or proxy to civil and/or criminal action, both from the >> operators of the zones whose RRs are being misrepresented, and from >> the users' whose applications are affected. > > I'm not a lawyer either, but I at least know that fraud requires > intent. > > If a naive user clicks on a link in spam, and the DNS cache intercepts > the request and returns a pointer to a warning page rather than a > Ukranian malware site, that's not fraud, that's a service. No, it's still fraud. You might personally believe that it's okay for an ISP to do harm to a site that it believes is distributing malware, but a court of law might see it differently. Nobody has given the ISP the authority to misrepresent others' DNS zones. I want my ISP to deliver packets to their destination addresses, not to try to second-guess which destination addresses I actually want to talk to. That is completely outside of their area of competence. Nor is it within the ISP's competence to decide that HTTP needs to work well (according to its definition of "well") at the expense of all other applications. Now if an ISP allows users to opt-in to such a service, telling its prospective customers what it's going to do to DNS responses and explaining to them all of the various ways that their "service" can harm applications, that's a different matter. Keith _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf