On 2005-12-06 08:59:22 -0800, Douglas Otis wrote:
>
> On Dec 6, 2005, at 12:59 AM, Peter J. Holzer wrote:
>
> >On 2005-12-05 10:50:29 -0800, Douglas Otis wrote:
> >>There could be a minor concern regarding the use of the term
> >>blacklist. This could create additional expenditures explaining how
> >>an IP black-hole list (terminology used in BGP) is different from the
> >>blacklisting of an individual, as such definitions carry significant
> >>legal importance. It may be helpful to substitute to the term
> >>"black-hole list" for "blacklist."
> >
> >I don't think so. The terms "blacklist" and "whitelist" have well
> >defined meanings. A blacklist is a list of known bad guys (well,
> >usually not guys, but IP addresses, domain names, email addresses,
> >public keys or whatever your list contains) by some criteria,

And, just in case that wasn't clear, these criteria don't have anything
to do with moral concepts of "good" and "bad" or with legal concepts.
They don't even have to make universal sense.

> >while a whitelist is a list of known good guys. What you do with
> >those lists is up to you.

As the draft itself mentions, even the definition of whether something
is a blacklist or whitelist is up to the user of the list. The same list
may be used by some as a blacklist and by others as a whitelist.

> >The term "blackhole list" otoh suggests strongly the purpose of the
> >list: The addresses on the list should be blackholed, i.e., any
> >traffic from (and maybe to) them dropped.
>
> Black-holing is exactly how the BGP version of the list works.

Er, you might not have noticed, but this draft is not about the RBL, but
about DNS blacklists and whitelists in general. There are now more than
one and the RBL is mainly of historical interest.

> All traffic is "black-holed" for that IP address.

Right. And this is NOT what a blacklist is about. So blackhole list is
the wrong term for a DNSBL.

> The term blacklist also has other legal meanings that should be
> avoided if possible.

This is a technical paper, not a legal one. It is often the case that
the same term has different meanings for people of different
professions. If I'm running a slave DNS server, I won't get into
conflict with anti-slavery laws.

> Black-hole is more illustrative of the treatment given the traffic,

It is illustrative for one of many possible treatments. It suggests that
this is the only possible treatment, which is bad.

> rather than suggesting this involves an individual as referenced in
> various laws.

It has nothing to do with laws. It doesn't even have anything to do with
individuals. The entities referenced in DNSxLs are usually IP-addresses,
not individuals.

If you have a (possibly infinite) set of entities, and you want to treat
some of these in some way better than others (e.g., by accepting mail
from them, relaying mail for them, accepting larger attachments or more
types of attachments, etc.), you have two possibilities:

1) You can make a list of all those which you want to treat better (the
   whitelist)

2) You can make a list of all those which you want to treat worse (the
   blacklist)

Generally, you will base your decision on whether you choose the
whitelist or blacklist approach on the size of the resulting list (you
especially don't want an infinitely long list) and on which side you
want to err for previously unknown entities: The whitelist approach errs
on the side of caution: Everybody who isn't on the good list is presumed
bad. The blacklist approach is optimistic: Everybody not on the bad list
is presumed good.

        hp

-- 
   _  | Peter J. Holzer    | I now realize that computers are poorly
|_|_) | Sysadmin WSR       | suited to remembering things.
| |   | hjp at hjp.at      |
__/   | http://www.hjp.at/ |    -- Holger Lembke in dan-am
_______________________________________________ Asrg mailing list Asrg at ietf.org https://www1.ietf.org/mailman/listinfo/asrg
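
Added example, not part of the original message or of the draft it discusses: one DNSxL consulted by two users, one treating it as a blacklist and one as a whitelist, to show which way each approach errs for an address that is not listed. The zone name `dnsxl.example`, its entries, and the function names are constructed for illustration; the query name follows the usual DNSxL convention of reversed address labels prepended to the list's zone.

```python
import ipaddress

# Constructed zone contents for a hypothetical list "dnsxl.example":
# query name -> A records. A real deployment would do a DNS A lookup instead.
ZONE = {
    "2.0.0.127.dnsxl.example": ["127.0.0.2"],   # conventional test entry
    "99.2.0.192.dnsxl.example": ["127.0.0.2"],  # constructed listing
}

def fake_resolve(qname):
    """Stand-in resolver: list of A records, empty when the name does not exist."""
    return ZONE.get(qname, [])

def dnsxl_qname(ip, zone):
    """Query name for a DNSxL: reversed IPv4 octets or IPv6 nibbles, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def treatment(ip, zone, use_as, resolve=fake_resolve):
    """Return "better" or "worse" treatment for ip.

    use_as is the choice of the list's *user*, not a property of the list:
    the same zone can serve as a blacklist for one site and a whitelist
    for another. What "worse" means (reject, tag, rate-limit) is local policy.
    """
    listed = bool(resolve(dnsxl_qname(ip, zone)))
    if use_as == "blacklist":
        # Optimistic: everybody not on the bad list is presumed good.
        return "worse" if listed else "better"
    if use_as == "whitelist":
        # Cautious: everybody not on the good list is presumed bad.
        return "better" if listed else "worse"
    raise ValueError("use_as must be 'blacklist' or 'whitelist'")

if __name__ == "__main__":
    for ip in ("192.0.2.99", "198.51.100.7", "2001:db8::1"):
        print(ip, {m: treatment(ip, "dnsxl.example", m)
                   for m in ("blacklist", "whitelist")})
```

The unlisted address 198.51.100.7 gets "better" under the blacklist reading and "worse" under the whitelist reading, which is the difference in default the message describes.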