Re: [v6ops] Review of draft-v6ops-v6-aaaa-whitelisting-implications-03

In message <alpine.LSU.2.00.1105170943460.30098@xxxxxxxxxxxxxxxxxxxxxx>, Tony Finch writes:
> Fred Baker <fred@xxxxxxxxx> wrote:
> >
> > In this case, the draft is talking about a particular variety of DNS
> > service. One might call it "DNS Whitelisting" when the context isn't
> > clear, but I think in this case the context is clearly not DKIM.
> 
> The problem is that the specific phrase "DNS whitelist" is already used in
> the anti-spam world, so it would be helpful if IPv6 resolver whitelists
> used a different descriptive phrase.
> 
> The anti-spam blacklist/whitelist terminology is often quite poor. I think
> it is clearer to talk about what is listed (as in URIBL) rather than how
> the list is published (DNSBL) since the latter doesn't immediately explain
> how the list is supposed to be used. See for example the cautionary note
> at http://www.spamhaus.org/dbl/
> 
> In the case at hand, the list does not contain AAAA RRs as the abstract
> suggests, it contains IPv6-capable resolvers. The whitelist isn't
> published in the DNS, so it doesn't match the existing use of the phrase
> "DNS whitelist".

No.  It contains just resolvers.  All the resolvers in the world
should be capable of resolving AAAA records if they followed RFC
1034.  It was clear enough that unknown == opaque blob in terms of
actually resolving data.  What wasn't clear was how to load and
display the data in the opaque blobs but once the data was in the
system moving it around shouldn't have been a problem.

An IPv6 capable resolver uses IPv6 as a transport.  An IPv6 capable
resolver may do its own AAAA lookups.  An IPv6 capable nameserver
may *not* even be able to decode AAAA presentation format.  It may
just be being handed blobs of data.  AAAA doesn't require any special
handling in a nameserver.

> So I suggest retitling the document "IPv6 DNS resolver whitelisting" and
> revising the terminology throughout to match. e.g.

"DNS resolver whitelisting for AAAA resolution" describes what is being
talked about.
 
>    This document describes the emerging practice of whitelisting of IPv6
>    capable DNS resolvers, to determine which resolvers may be sent AAAA
>    resource records. This technique is referred to as IPv6 whitelisting.
>    The document explores what the implications of this emerging practice are
>    and what alternatives may exist.
> 
>    The practice of IPv6 whitelisting appears to have first been used by
>    major web content sites [...]
> 
>    As a result of this impairment affecting end users of a given domain,
>    a few major domains have either implemented IPv6 whitelisting or are
>    considering doing so [NW-Article-DNS-WL] [IPv6 Whitelist Operations].
>    When implemented, IPv6 whitelisting in practice means that a domain's
>    authoritative DNS will return a AAAA resource record to DNS recursive
>    resolvers [RFC1035] on the whitelist, while returning no AAAA
>    resource records to DNS resolvers which are not on the whitelist.  It
>    is important to note that these major domains are motivated by a
>    desire to maintain a high-quality user experience for all of their
>    users.  By engaging in IPv6 whitelisting, they are attempting to
>    shield users with impaired access from the symptoms of those
>    impairments.
> 
> etc.
> 
> Tony.
> -- 
> f.anthony.n.finch  <dot@xxxxxxxx>  http://dotat.at/
> Rockall, Malin, Hebrides: South 5 to 7, occasionally gale 8 at first in
> Rockall and Malin, veering west or northwest 4 or 5, then backing southwest 5
> or 6 later. Rough or very rough. Occasional rain. Moderate or good,
> occasionally poor.
> _______________________________________________
> v6ops mailing list
> v6ops@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/v6ops
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@xxxxxxx
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
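
The practice described in the quoted draft text, combined with the point in the reply that AAAA RDATA can be carried as an opaque blob, as an added example that is not part of the original thread or the draft. The zone contents, the whitelist networks and all function names are constructed for illustration, using documentation address ranges.

```python
import ipaddress
import struct

TYPE_A, TYPE_AAAA, CLASS_IN = 1, 28, 1

# Constructed zone data: RDATA is stored as raw bytes and never decoded.
ZONE = {
    "www.example.": [
        (TYPE_A, 300, bytes([192, 0, 2, 10])),
        (TYPE_AAAA, 300, bytes.fromhex("20010db8000000000000000000000010")),
    ],
}

# Constructed whitelist of resolver source networks (assumed values).
RESOLVER_WHITELIST = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8:53::/48"),
]


def encode_name(name):
    """Encode a fully qualified name as uncompressed DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def encode_rr(name, rrtype, ttl, rdata):
    """Serialize one RR; the RDATA is copied through without interpretation."""
    header = struct.pack("!HHIH", rrtype, CLASS_IN, ttl, len(rdata))
    return encode_name(name) + header + rdata


def resolver_whitelisted(source):
    """True if the querying resolver's source address is on the whitelist."""
    addr = ipaddress.ip_address(source)
    return any(addr.version == net.version and addr in net
               for net in RESOLVER_WHITELIST)


def answer(source, qname, qtype):
    """Return the answer-section RRs (wire format) for a query from `source`."""
    if qtype == TYPE_AAAA and not resolver_whitelisted(source):
        return []  # name exists, but no AAAA is returned to this resolver
    return [encode_rr(qname, t, ttl, rd)
            for t, ttl, rd in ZONE.get(qname, []) if t == qtype]
```

The decision depends only on the resolver's source address and the query type, which is why the list contains resolvers rather than AAAA records.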

