On Mon, 19 Dec 2016 07:53:42 +0100
"Ralf Weber" <d...@fl1ger.de> wrote:
> Moin!
> 
Aloha

<snip>
> > DNS admins also have a fiduciary responsibility to their users.
> > Other services also have implied fiduciary responsibility, like
> > email, but DNS is a direct service - Your user is asking you, right
> > now, for a fact, not a best guess. Your user is asking you : What
> > are the operators of my bank saying their IP number is.
> So if this is the IP of a phishing site or the IP of a command and
> control host that tells its bot to execute criminal action you still
> value the accuracy of the answer higher than possible damage this
> could do to your user?
> 
yes. 

In your example, ethically, it is a problem that should be addressed on IP,
not on DNS.

It is never okay to tell lies.

and then to add deception to the already ethically flawed approach
offends.  

> I don't and I've been using similar techniques either as employee of
> a DNS operator or a DNS software vendor for 10 years now.
> Local policy, which this is, always trumped validation and in the end
> user can validate and find out that this answer doesn't validate
> and then can try to find out why, but honestly most internet users
> have no idea what DNS let alone DNSSEC is or how to deal with it.
> Protecting Internet users with DNS by not letting them go to these
> sites seems like a good idea to me and is also done by e.g. browser
> vendors (have you complained to them ;-).
> Sure this technology can be used to do bad things, but that is true
> for a lot of other technologies also. It's the use that makes them
> bad and not the technology itself.
> 

this is exactly the same argument the authors of other software use
and also argues for the use of DNS as a firewall, etc.

and you are of course correct: you are free to develop malware, write
viruses and do anything your heart desires. It is your DNS servers, you
may do anything you like and answer anything you want.

but, to publish protocols and request comments on how to operate a
botnet or do whatever you wish to do that is not ethical, is crossing a line.

To legitimize the telling of lies and to define protocols that hide
the truth from users, (deception) for whatever reason, is wrong.

My argument is extremely simple to counter, I am saying one word:

dishonesty

I assume you are saying that it is okay to lie, cheat (and steal?) if
the reason you are doing it is well intended? - Please correct me if I
am wrong?

I am saying that it is never okay to lie, steal, cheat, deceive, etc.

maybe we can talk about that? Ethics? - Do DNS admins have other ethics
than those of normal people? Are DNS admins special? may they decide to
be the Internet Executioners and is it okay for DNS Admins to lie, cheat
or steal?

> So long
or short, depending on your POV :)

Andre

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
