Re: [v6ops] Review of draft-v6ops-v6-aaaa-whitelisting-implications-03

Fred Baker <fred@xxxxxxxxx> wrote:
>
> In this case, the draft is talking about a particular variety of DNS
> service. One might call it "DNS Whitelisting" when the context isn't
> clear, but I think in this case the context is clearly not DKIM.

The problem is that the specific phrase "DNS whitelist" is already used in
the anti-spam world, so it would be helpful if IPv6 resolver whitelists
used a different descriptive phrase.

The anti-spam blacklist/whitelist terminology is often quite poor. I think
it is clearer to talk about what is listed (as in URIBL) rather than how
the list is published (DNSBL) since the latter doesn't immediately explain
how the list is supposed to be used. See for example the cautionary note
at http://www.spamhaus.org/dbl/

In the case at hand, the list does not contain AAAA RRs as the abstract
suggests, it contains IPv6-capable resolvers. The whitelist isn't
published in the DNS, so it doesn't match the existing use of the phrase
"DNS whitelist".

So I suggest retitling the document "IPv6 DNS resolver whitelisting" and
revising the terminology throughout to match. e.g.

   This document describes the emerging practice of whitelisting of IPv6
   capable DNS resolvers, to determine which resolvers may be sent AAAA
   resource records. This technique is referred to as IPv6 whitelisting.
   The document explores what the implications of this emerging practice
   are and what alternatives may exist.

   The practice of IPv6 whitelisting appears to have first been used by
   major web content sites [...]

   As a result of this impairment affecting end users of a given domain,
   a few major domains have either implemented IPv6 whitelisting or are
   considering doing so [NW-Article-DNS-WL] [IPv6 Whitelist Operations].
   When implemented, IPv6 whitelisting in practice means that a domain's
   authoritative DNS will return a AAAA resource record to DNS recursive
   resolvers [RFC1035] on the whitelist, while returning no AAAA
   resource records to DNS resolvers which are not on the whitelist.  It
   is important to note that these major domains are motivated by a
   desire to maintain a high-quality user experience for all of their
   users.  By engaging in IPv6 whitelisting, they are attempting to
   shield users with impaired access from the symptoms of those
   impairments.

etc.

Tony.
-- 
f.anthony.n.finch  <dot@xxxxxxxx>  http://dotat.at/
Rockall, Malin, Hebrides: South 5 to 7, occasionally gale 8 at first in
Rockall and Malin, veering west or northwest 4 or 5, then backing southwest 5
or 6 later. Rough or very rough. Occasional rain. Moderate or good,
occasionally poor.
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

