> To be clear and to boil it down: This draft publishes a method to supply
> different answers to different users and to hide the truth of those lies to 
> the same users.

So do for instance BIND views.

> Unless a registry, court or resource owner authorizes this, it is
> lying, cheating, "fraudy" and definitely deceptive. (like a cockroach
> when exposed to light)

This is, ultimately, always a local decision.

In "my" network I have at times returned incorrect answers to queries
for <random>.domain - in order to mitigate the effects of "water
torture" attacks. Yes, this is definitely lying. The alternative is
to do nothing, and let the attack on the authoritative name servers
continue. I'm afraid your characterization above isn't going to change
this.

> I think that if people knew what we were talking about and
> truly understood the issues, there would be an uprising.

I think most people have little or no idea what DNS is about. However,
if they truly understood the issues, they would probably also understand
the need for RPZ.

Steinar Haug, AS2116

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
