Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Eliot Lear
On 11/10/08 10:37 PM, John Levine wrote: I hope the charter, unlike the previous one, will require the development of a protocol for communicating email sender reputation that can be implemented in email products without known patent encumbrances that are incompatible with open source software.

RE: Punycode at ASCII for IDN MDN via Y2K Project Management

2008-11-11 Thread linuxa linux
Further to what I wrote yesterday, the 2 IDN algorithms: ToASCII and ToUnicode perhaps would need tweaks hence ToASCII2 and ToUnicode2 with perhaps ASCII registrations needing also an ACE sort prefix, say yn-- similar to xn-- that are put for IDN. This development could then allow MDN

Re: several messages

2008-11-11 Thread Steve Linford
Ehm, I don't think I want to enter into the 'issues' in Mr Anderson's post, but I do like his I hate John Levine web page, I think all of those who become graced with their own I hate you ranting web page have verifiably achieved greatness (well done John ;) This bit though I can elaborate

RE: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread michael.dillon
Would refusing to publish as a standard stop implementations or merely create potential interoperability issues that could lead to more legitimate messages being dropped? How would refusing to publish a document that is already public, CREATE potential interoperability issues? The question

RE: Punycode at ASCII for IDN MDN via Y2K Project Management

2008-11-11 Thread Ruszlan Gaszanov
..ASCII domain names *are* in fact punycode domain names by definition. That's the problem and the reason for Punycode2 allowing ASCII registrations to be Punycoded via Punycode2. This is called *backward compatibility* and this is what permits punycode registrations to be

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Keith Moore
Eliot Lear wrote: On 11/10/08 10:37 PM, John Levine wrote: I hope the charter, unlike the previous one, will require the development of a protocol for communicating email sender reputation that can be implemented in email products without known patent encumbrances that are incompatible with

Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

2008-11-11 Thread Steve Linford
On 11 Nov 2008, at 15:38, Theodore Tso wrote: On Mon, Nov 10, 2008 at 05:12:56PM +, Steve Linford wrote: I certainly agree that there are hundreds of small DNSBLs run from kid's bedrooms which list on incomprehensible wildly over-broad policies and that such DNSBLs are both antagonistic

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Eliot Lear
Keith, 1. Would declining to publish as a standard harm or hurt the community? Would refusing to publish as a standard stop implementations or merely create potential interoperability issues that could lead to more legitimate messages being dropped? How are either of these questions

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Dave CROCKER
Eliot Lear wrote: On 11/10/08 10:37 PM, John Levine wrote: What would be the point of yet another WG to reinvent this wheel? I tend to agree. Here are a few questions for the IESG when considering this matter: I strongly urge community and IESG folk to think carefully about the

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Dave CROCKER
[EMAIL PROTECTED] wrote: DNSBLs are a temporary band-aid solution for a badly broken Internet email architecture. DNS-based reputation lists have been in production use for at least 11 years? There is no industry move to reduce their use. By what metric does this qualify as temporary?

Re: several messages

2008-11-11 Thread Keith Moore
Steve Linford wrote: On 11 Nov 2008, at 15:11, Peter Dambier wrote: Hi Steve, sorry to mention spamhaus again, but that is the reason why many german and especially austrian mailoperators had to give up blacklisting completely I do not think it is productive to use this

RE: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Hallam-Baker, Phillip
Well, we have a critical dependency on a star that is going to run out of hydrogen at some point... From: [EMAIL PROTECTED] on behalf of Dave CROCKER Sent: Tue 11/11/2008 10:42 AM To: [EMAIL PROTECTED] Cc: ietf@ietf.org Subject: Re: IP-based reputation

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread TS Glassey
I have serious concerns with doing ANYTHING with the DNSBL entity because of the damage that it may do to our sponsors... The IETF operates Standards not third party services, and so somehow this seems inappropriate. Todd Glassey Keith Moore wrote: Eliot Lear wrote: The working group

What Sort Of Jabber Server For IETF Conference?

2008-11-11 Thread Athar Shiraz Siddiqui
Dear List, Could someone identify the jabber server that hosts the discussion rooms (chat rooms ) for the upcoming IETF conference? How does one get an account on this jabber server? Does this server require SASL authentication? I am writing a client that will be communicating with this server

Re: What Sort Of Jabber Server For IETF Conference?

2008-11-11 Thread Athar Shiraz Siddiqui
On 11/11/08, Peter Saint-Andre [EMAIL PROTECTED] wrote: As far as I know it uses the ejabberd codebase. Thanks! that will help! (I hope) How does one get an account on this jabber server? You don't. This server is used only to host the chatrooms. You need to create an account on one of

Audio Streaming - IETF 73 November 16-21, 2008

2008-11-11 Thread Joel Jaeggli
Greetings, All 8 parallel tracks will be broadcast starting with the commencement of working group sessions on Monday, November 17, 2008 at 0900 CST and continue until Friday the 21st at 1130 CST. Additionally it is our intention to broadcast the IEPG meeting occurring on Sunday the 26th starting

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread TS Glassey
Keith Moore wrote: Tony Finch wrote: On Sun, 9 Nov 2008, Keith Moore wrote: It is worth repeating that just because the notion of a reputation service has value, and such services are widely used, does not imply that using IP addresses as identifiers or the DNS protocol as a means of

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Matthias Leisi
Keith Moore wrote: 1. suitability of the DNS data and query model. right now this protocol essentially communicates one bit of information to be used in a decision - i.e. whether the address or domain name is good or bad. I suspect This is wrong. For today's DNSxLs, many queries return

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Matthias Leisi
TS Glassey wrote: 4. effects of DNS caching. if a host is removed from a blacklist it should arguably be removed from all caches instantly, but DNS isn't designed to facilitate that. The use of the term SHOULD here has legal implications - since many of these hosts were put into the

Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

2008-11-11 Thread Tim Chown
On Mon, Nov 10, 2008 at 07:04:27PM +, Tony Finch wrote: On Mon, 10 Nov 2008, Keith Moore wrote: okay. I found myself wondering if the change in address space size, and in granularity of assignment, might make DNSBLs less reliable. Which is a different kind of scalability. IPv6's

Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

2008-11-11 Thread Tony Finch
On Tue, 11 Nov 2008, Theodore Tso wrote: Questions like, so how does this work in the face of the expanded IPv6 address space, ideally should be addressed earlier during the standardization process, and not in last call (where, oh well, we'll just block the whole /48 or /32 might have

Comment on draft-ietf-radext-design-05.txt

2008-11-11 Thread Glen Zorn
This document is 36 pages long, yet devotes only a single paragraph to the use of extended RADIUS attributes. Since the extended attribute set is likely the one to be most used in the future, this seems a rather gross oversight. I would suggest that the authors try to design a few extended

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Eliot Lear
On 11/11/08 10:22 AM, [EMAIL PROTECTED] wrote: DNSBLs are a temporary band-aid solution for a badly broken Internet email architecture. They have provided the community with an education but that doesn't mean that they should be standardised by the IETF. DNSBLs are over 10 years old and

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread TS Glassey
Matthias Any DNS BL Listing process where those listings are based on complaints would create this. The issue is that if SPAM HEADERS can have the source addresses forged then the DNS Blocking systems which were listed in those forged headers need to take that into account. So far as I can

IPv6 traffic stats (was: Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists))

2008-11-11 Thread David Kessens
Joe, On Tue, Nov 11, 2008 at 08:20:11AM -0800, Joe St Sauver wrote: I'm not aware of DNS block lists which cover IPv6 address spaces at this time, probably in part because IPv6 traffic remains de minimis (see http://asert.arbornetworks.com/2008/8/the-end-is-near-but-is-ipv6/ showing IPv6

Re: Gen-ART review of draft-irtf-asrg-dnsbl-07

2008-11-11 Thread Dave CROCKER
Spencer Dawkins wrote: Summary: Ready for publication as Proposed Standard Comments: I'm not addressing meta-issues in this review that have already popped up during Last Call comments... Spencer, thanks. Just for completeness, given the meta-issues that have arisen and that it is out of

RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

2008-11-11 Thread michael.dillon
there's a lot of evil e-mail messages out there; the cost of letting even one of those messages through is unacceptable, so false positives are OK. This is precisely the sort of thing that should have been covered in much more detail in the Security Considerations section of the draft.

Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

2008-11-11 Thread Theodore Tso
On Mon, Nov 10, 2008 at 05:12:56PM +, Steve Linford wrote: I certainly agree that there are hundreds of small DNSBLs run from kid's bedrooms which list on incomprehensible wildly over-broad policies and that such DNSBLs are both antagonistic and useless and as a result are used by

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Sam Hartman
Keith, I find myself in complete agreement with your message. I particularly like the fact that you took the time to go through a complicated reasoning process in a slow, clear manner so that your readers could determine whether they agree with your reasoning and if not, where they disagree.

Re: several messages

2008-11-11 Thread der Mouse
In fact, the people who use these DNSBL blacklists do so only for a short time, until they get burned and stop using them. That's what happens routinely with SORBS. If SORBS is your idea of a best-of-breed DNSBL, I can understand your scorn. But it's not. You want to see a DNSBL done right,

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Keith Moore
Eliot Lear wrote: The working group could analyze the requirements of a reputation service based on IP address, determine whether and how any newly discovered requirements could be met using DNS, and fill in any details that are missing from the informational specification that are needed for

Re: draft-irtf-asrg-bcp-blacklists

2008-11-11 Thread Rich Kulawiec
On Sat, Nov 08, 2008 at 07:32:09PM -0500, Chris Lewis wrote: It's been through at least four iterations on the ASRG, so it already has been worked on there. Extensively. Having witnessed those iterations (and contributed in a very minor way to them), I can report that the process was lively,

Re: What Sort Of Jabber Server For IETF Conference?

2008-11-11 Thread Peter Saint-Andre
Athar Shiraz Siddiqui wrote: Dear List, Could someone identify the jabber server that hosts the discussion rooms (chat rooms ) for the upcoming IETF conference? As far as I know it uses the ejabberd codebase. How does one get an account on this jabber server? You don't. This server is

Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

2008-11-11 Thread Chris Lewis
Tony Finch wrote: Note that anti-spam blacklists are distributed by more mechanisms than just the DNS. Questions of listing policy apply whatever protocol is used, so they shouldn't be addressed in a document that just describes a DNS-based query protocol. I have a similar objection the

Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

2008-11-11 Thread Jamie Tomasello
There has been some debate in this forum on whether DNSxLs are an appropriate tool for stopping spam. Whether or not IP-based blocking is a philosophically appropriate method to use, every large scale ISP uses these lists as a first line defense against spam. DNSxLs are a much-used and

Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

2008-11-11 Thread Keith Moore
Chris Lewis wrote: Tony Finch wrote: Note that anti-spam blacklists are distributed by more mechanisms than just the DNS. Questions of listing policy apply whatever protocol is used, so they shouldn't be addressed in a document that just describes a DNS-based query protocol. I have a

RE: Punycode at ASCII for IDN MDN via Y2K Project Management

2008-11-11 Thread linuxa linux
--- On Tue, 11/11/08, Ruszlan Gaszanov [EMAIL PROTECTED] wrote: From: Ruszlan Gaszanov [EMAIL PROTECTED] Subject: RE: Punycode at ASCII for IDN MDN via Y2K Project Management To: [EMAIL PROTECTED], ietf@ietf.org Date: Tuesday, 11 November, 2008, 9:36 AM .. without messing up the

RE: Punycode at ASCII for IDN MDN via Y2K Project Management

2008-11-11 Thread linuxa linux
Correction 1: FUD (Fear, Uncertainty and Doubt) Correction 2: This is then your goal at the internet/web, it then is also related to your passive/active goal beyond internet/web technical activities. Corrected also at below emailed copy. Regards Meeku http://twitter.com/nepotism --- On

Re: IPv6 traffic stats

2008-11-11 Thread Harald Alvestrand
David Kessens wrote: Joe, On Tue, Nov 11, 2008 at 08:20:11AM -0800, Joe St Sauver wrote: I'm not aware of DNS block lists which cover IPv6 address spaces at this time, probably in part because IPv6 traffic remains de minimis (see

Comments on Draft IRTF ASRG DNSBL - 07

2008-11-11 Thread Jonathan Curtis
Having spent 13 years managing abuse (Spam/Phishing/Botnets) within a large ISP organization, 5 to 6 years in a leadership position of the Messaging Anti-Abuse Working Group and active member of the Canadian National Cyber-Forensics Training Alliance, I can say that DNSxL's are a critical

Re: What Sort Of Jabber Server For IETF Conference?

2008-11-11 Thread Peter Saint-Andre
Athar Shiraz Siddiqui wrote: On 11/11/08, Peter Saint-Andre [EMAIL PROTECTED] wrote: As far as I know it uses the ejabberd codebase. Thanks! that will help! (I hope) How does one get an account on this jabber server? You don't. This server is used only to host the chatrooms. You need

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Dave CROCKER
Lawrence Rosen wrote: Lisa and Chris have stated that they're open to consider chartering new WG if there seems to be consensus on a charter. What about it, folks? As one of the people who objected when the previous spam WG was under way, I now support this proposal to form a new WG

Re: several messages

2008-11-11 Thread Peter Dambier
Hi Steve, sorry to mention spamhaus again, but that is the reason why many german and especially austrian mailoperators had to give up blacklisting completely and turned to graylisting. Greylisting is mostly the same as blacklisting except you don't depend on somebody else to maintain the list.

Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

2008-11-11 Thread der Mouse
The fact that [DNSBLs] are widely used is sad, not a justification for standardization. True. The justification is not simply that they are widely used; it is that they are widely used, they are often done wrong, they are of tremendous value when done right, and of actively negative value

Re: IPv6 traffic stats

2008-11-11 Thread Harald Alvestrand
Sorry, I misremembered. The correct number from the presentation is 0.238% - only Russia, Ukraine and France have more than 0.5% IPv6. Presentation available from http://rosie.ripe.net/presentations-detail/Thursday/Plenary%2014:00/index.html. Harald Turchanyi Geza

Re: several messages

2008-11-11 Thread Steve Linford
On 11 Nov 2008, at 15:11, Peter Dambier wrote: Hi Steve, sorry to mention spamhaus again, but that is the reason why many german and especially austrian mailoperators had to give up blacklisting completely I do not think it is productive to use this ietf@ietf.org list for personal

Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

2008-11-11 Thread Lisa Dusseault
I'm the sponsor of the DNSBL Internet-Draft. I've been following this discussion and it seems to me there have been fair objections raised to putting the document as-is on the Standards Track. I'll consult with the authors about whether they'd like to figure out exactly what the IETF does have

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Chris Lewis
TS Glassey wrote: Matthias Any DNS BL Listing process where those listings are based on complaints would create this. [spoofed IPs in DNSBLs] Few DNSBL listing processes rely on complaints as you put it. Certainly, none of the popular ones use them extensively, and most refuse them. Eg: the

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Keith Moore
Tony Finch wrote: On Sun, 9 Nov 2008, Keith Moore wrote: It is worth repeating that just because the notion of a reputation service has value, and such services are widely used, does not imply that using IP addresses as identifiers or the DNS protocol as a means of transmitting reputation are

Re: IPv6 traffic stats

2008-11-11 Thread Marc Manthey
On 11.11.2008 at 22:34, Harald Alvestrand wrote: 8% - only Russia, Ukraine and France have more than 0.5% IPv6. Presentation available from http://rosie.ripe.net/presentations-detail/Thursday/Plenary%2014:00/index.html . wow, I am impressed 0.76%, so russia has more overall ipv6 traffic

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Tony Finch
On Sun, 9 Nov 2008, Keith Moore wrote: It is worth repeating that just because the notion of a reputation service has value, and such services are widely used, does not imply that using IP addresses as identifiers or the DNS protocol as a means of transmitting reputation are technically

Re: several messages

2008-11-11 Thread Chris Lewis
der Mouse wrote: But DNSBLs can't solve the problem when spam is sent via botnets. That's actually true, but not for the reason you imply. DNSBLs can't solve the problem _at all_; it's a social level problem and requires a social level solution. What DNSBLs do is mitigate the damage so

Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

2008-11-11 Thread SM
At 11:50 10-11-2008, der Mouse wrote: What the IETF _does_ have a chance to do here is to improve the quality of a critical piece of Internet infrastructure (email without DNSLs in today's net is either unusable or very heavily balkanized) by standardizing those aspects that are in shape to be

Re: several messages

2008-11-11 Thread Mark Andrews
In message [EMAIL PROTECTED], der Mouse writes: Furthermore, you appear to think that all DNSBLs are reactive in nature. This is not true; there are at least a few DNSBLs that proactively list large indistinguishable pool addresses. In at least one case, the pools are submitted to them by

Re: IP-based reputation services vs. DNSBL (long)

2008-11-11 Thread Keith Moore
Dave CROCKER wrote: [EMAIL PROTECTED] wrote: DNSBLs are a temporary band-aid solution for a badly broken Internet email architecture. DNS-based reputation lists have been in production use for at least 11 years? There is no industry move to reduce their use. and yet spam remains a

Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

2008-11-11 Thread Joe St Sauver
Theodore mentioned: #Let me get this straight. It's OK to block e-mail messages on the #basis of unauthenticated rumors, Most DNS block lists are based on empirical factors, not rumors. For example, in the case of manual anti-spam block lists, like the Spamhaus SBL, typically listings include

Re: Comments on Draft IRTF ASRG DNSBL - 07

2008-11-11 Thread Randy Presuhn
Hi - From: Jonathan Curtis [EMAIL PROTECTED] To: ietf@ietf.org Sent: Tuesday, November 11, 2008 12:49 PM Subject: Comments on Draft IRTF ASRG DNSBL - 07 ... 2. The impact of DNSxL's when applied on Inbound Email Servers is significant with very little collateral damage. ... I guess this

Re: Comments on Draft IRTF ASRG DNSBL - 07

2008-11-11 Thread Mark Andrews
In message [EMAIL PROTECTED], Jonathan Curtis writes: 2. The impact of DNSxL's when applied on Inbound Email Servers is significant with very little collateral damage. A good estimate is that over 70% of all spam email is prevented by the application of DNSxBL's, sparing many service pro

Announcement: New Boilerplate Text Required for all new Submissions to IETF

2008-11-11 Thread Ed Juskevicius
Greetings. This message is to draw your attention to the significance of the publication of RFC5377 and RFC5378 earlier today. * RFC5377 is Advice to the Trustees of the IETF Trust on Rights to Be Granted in IETF Documents * RFC5378 is Rights Contributors Provide to the IETF Trust Note that

RE: IPv6 traffic stats (was: Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists))

2008-11-11 Thread Joe St Sauver
David mentioned: #For the record: # #It seems that arbornetworks estimates are extremely low to the point #where one has to ask whether there were other issues that caused such #a low estimate. # #There is no question that IPv6 traffic is quite low in the Internet. #However, many other reports

Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

2008-11-11 Thread Andrew Sullivan
Dear colleagues, We have read draft-irtf-asrg-dnsbl-07. We have some comments on the draft in response to the last call. We wish to emphasise that, while we currently serve as the co-chairs of the DNS Extensions working group, these comments are merely our own, and are not representative of the

Re: IPv6 traffic stats

2008-11-11 Thread Pekka Savola
On Tue, 11 Nov 2008, Harald Alvestrand wrote: The correct number from the presentation is 0.238% - only Russia, Ukraine and France have more than 0.5% IPv6. Presentation available from http://rosie.ripe.net/presentations-detail/Thursday/Plenary%2014:00/index.html. Depends on what you're

Re: Comments on Draft IRTF ASRG DNSBL - 07

2008-11-11 Thread Eliot Lear
On 11/12/08 1:03 AM, Dave CROCKER wrote: Why? What are the specific aspects of this specification that fail to qualify for Proposed Standard? This is precisely what I want to know. What changes to the specification will fix these deficiencies? What he said. Eliot

WG Action: RECHARTER: Mobility for IP: Performance, Signaling and Handoff Optimization (mipshop)

2008-11-11 Thread IESG Secretary
The charter of the Mobility for IP: Performance, Signaling and Handoff Optimization (mipshop) working group in the Internet Area of the IETF has been updated. For additional information, please contact the Area Directors or the working group Chairs. Mobility for IP: Performance, Signaling and

Protocol Action: 'CAPWAP Protocol Specification' to Proposed Standard

2008-11-11 Thread The IESG
The IESG has approved the following document: - 'CAPWAP Protocol Specification ' draft-ietf-capwap-protocol-specification-15.txt as a Proposed Standard This document is the product of the Control And Provisioning of Wireless Access Points Working Group. The IESG contact persons are Dan

Last Call: draft-ietf-roll-urban-routing-reqs (Urban WSNs Routing Requirements in Low Power and Lossy Networks) to Informational RFC

2008-11-11 Thread The IESG
The IESG has received a request from the Routing Over Low power and Lossy networks WG (roll) to consider the following document: - 'Urban WSNs Routing Requirements in Low Power and Lossy Networks ' draft-ietf-roll-urban-routing-reqs-02.txt as an Informational RFC The IESG plans to make a