
Dan Bernstein's issues about namedroppers list operation



Dan Bernstein has been making repeated claims that Randy is censoring
his postings to namedroppers. I took a look at the claims he has made
and here is how I see things.

Executive summary: I see no evidence that Randy is censoring postings
from Dan. It is the case that some of his messages do not appear to
have made it out on namedroppers, but it is unclear why this is.
Furthermore, given that most of these missing messages were cc'ed to
other lists (i.e., the ietf and iesg lists), there is no evidence of
censorship.

Namedroppers is a posters-only mailing list that is run in conformance
with the policies outlined in
http://www.ietf.cnri.reston.va.us/IESG/STATEMENTS/mail-submit-policy.txt.

Specifically, all mail sent to namedroppers is:

1) first run through spamassassin. Mail that is rejected here is not
   archived, as the number of such messages is large. All mail sent to
   mailing lists on the server hosting namedroppers is run through
   spamassassin, so this is not a namedroppers-specific procedure.

2) if sent by a subscriber to the mailing list (or by someone in the
   known posters list), the message is sent immediately.

3) Otherwise, it is queued waiting for approval (or rejection) by the
   mailing list operators. Both Randy and Mark Kosters see these
   rejected postings. Mark has indicated that he has seen no rejected
   postings that were not forwarded to the namedroppers mailing list
   that should have been.

It does appear that *some* of the messages that Dan has sent to
namedroppers have not appeared on the namedroppers mailing list. But
it is unclear why that happened. At the time of these postings, some
of his other messages have gone through. Also, most of the messages
that didn't appear did appear on other mailing lists that were
cc'ed. It is unclear why those messages did not make it to
namedroppers, but now that Dan's posting address is in the list of
known posters for namedroppers, and his mail seems to be getting
through, it seems best to just keep an eye on further problems and
investigate them as soon as they happen (e.g., when relevant logs are
available). I see no evidence that Randy (or anyone else) is singling
out anyone's postings for rejection.

Details on specifics follow.
   
"D. J. Bernstein" <djb@cr.yp.to> writes:

> Bush imposed his mailing-list control methods without IESG approval, in
> violation of RFC 2418, section 3.2. He has been caught engaging in
> content-based censorship several times:

>    http://cr.yp.to/djbdns/namedroppers.html

>     Background
> 
> The DNS protocol is covered by various IETF specifications.
> Unfortunately, obeying those specifications is not sufficient to ensure
> interoperability with BIND, in part because the specifications are
> ambiguous or otherwise flawed, and in part because BIND violates the
> specifications in many ways.
> 
> These facts have hurt competition, and contributed to BIND's market
> share, at the expense of the users. For example, one site using lbnamed,
> a special-purpose DNS implementation, has had interoperability problems
> with BIND, and has been planning to abandon lbnamed in favor of BIND,
> even though this means giving up some useful features.
> 
> In late 1999, after yet another BIND security hole was announced, I
> wrote a free BIND replacement. Interoperability among DNS
> implementations is, of course, essential. I found the IETF
> specifications horribly inadequate.
> 
> 
>     The namedroppers mailing list
> 
> IETF carries out its DNS protocol standardization activities within the
> DNSEXT working group. The DNSEXT mailing list is
> namedroppers@internic.net, also known as comp.protocols.dns.std.

This is old and incorrect, for quite some time. The mailing list is
namedroppers@ops.ietf.org. Mail from the mailing list may be gatewayed
one-way to usenet, but the reverse is not true. [Actually, I've been
told that usenet mail is selectively being forwarded back to the list
by someone, but it seems "very selectively", as this has happened to
only a handful of messages in several months.]

> ``Within the scope of this WG are protocol issues, including message
> formats, message handling, and data formats,'' the DNSEXT charter says.
> Several specific issues have been identified as work items, but other
> DNS protocol issues remain clearly within the charter. In particular,
> namedroppers is obviously the right forum for implementors to discuss
> current and future DNS interoperability problems.
> 
> Unfortunately, namedroppers is being run in a way that slows down, and
> sometimes prevents, public communication among DNS implementors.
> 
> Messages to namedroppers are not forwarded directly to subscribers. They
> are first sent to Randy Bush. They wait for Bush's review. Bush
> discards, edits, or misdirects messages that he doesn't like, and passes
> along what's left.
> 
> Here are some specific examples. Many of these incidents involved
> opsmail.internic.net, which used some painfully slow, creaky, obsolete
> software to distribute messages to subscribers.
> 
>     * 1998-12: Bush discarded a message from Richard Sexton commenting
>       on a proposed extension to MX records, a DNS protocol element.
>     * 1998-12: Bush edited a message of mine, unilaterally removing a
>       paragraph at the top that asked why opsmail was so slow. How is
>       someone supposed to find out what the namedroppers subscribers
>       think of how the mailing list is run, if complaints to the list
>       are censored?
>     * 1999-01: Bush discarded a message from Richard Sexton about client
>       interpretation of the AA bit, a DNS protocol element, by NSI, the
>       operators of some well-known DNS TLDs.
>     * 1999-12: Bush discarded a message of mine
>       <namedroppers/19991219005223-16101-qmail@cr-yp-to> concerning yet
>       another DNS protocol violation by BIND. ``This belongs in
>       bind-users@isc.org, not namedroppers,'' Bush told me
>       <namedroppers/e11zwx7-0000lb-00@roam-psg-com>, incorrectly.
>     * 1999-12-31: opsmail finally sent a message that it had received on
>       1999-11-04, nearly two months earlier, to a namedroppers
>       subscription address that had been removed from the list on
>       1999-11-25.
>     * 1999-12-31: I sent an urgent message
>       <namedroppers/19991231010737-16203-qmail@cr-yp-to> to namedroppers
>       attempting to confirm rumors of a DNS server bug that, if true,
>       would have been triggered on occasion by my new DNS cache. Someone
>       else sent a message to namedroppers 14 hours later, and then
>       another message 4 hours after that; 12 minutes later, Bush sent
>       those two messages to opsmail; several hours later, opsmail
>       finally forwarded the messages to me. A day later, I asked Bush
>       why my message hadn't appeared yet. He finally sent my message to
>       opsmail three days after I had sent it. I saw a copy from opsmail
>       several hours after that.
>     * 2000-01-12: I sent another message
>       <namedroppers/20000113013505-28147-qmail@cr-yp-to> to namedroppers
>       pointing out a security problem that I had described on bugtraq,
>       and asking DNSEXT to fix the relevant RFC, which had been
>       co-written by Bush. My message never appeared on namedroppers.
>       Bush didn't send me an explanation. I learned much later that Bush
>       had deliberately misdirected
>       <namedroppers/20000123065236-2897-qmail@cr-yp-to> my message,
>       sending it to the dnsop mailing list.
>     * 2000-01-28: I sent a message
>       <namedroppers/20000128015807-6574-qmail@cr-yp-to> to namedroppers
>       pointing out how Bush's censorship activities had biased DNSEXT
>       discussions, and a message
>       <namedroppers/20000129035223-3523-qmail@cr-yp-to> to namedroppers
>       criticizing Bush's unilateral statement of the namedroppers scope.
>       These messages were direct responses to recent namedroppers
>       messages, the first by Thomas Narten, the second by Bush. Bush
>       sent both messages back to me, without saying explicitly what he
>       had done with them.
>     * 2000-02-20: I pointed out
>       <namedroppers/20000220195445-21265-qmail@cr-yp-to> on namedroppers
>       that thousands of system administrators were using dotted-decimal
>       domain names in MX records. There was some discussion on
>       namedroppers. Rob Austein and Bill Manning asked for evidence;
>       Bush claimed that he couldn't find even a single example ``in
>       almost twenty thousand zones secondaried here from all over the
>       world.'' A few days later, I sent survey results
>       <namedroppers/20000225221016-31751-qmail@cr-yp-to> to namedroppers
>       showing that there were approximately fifteen /thousand/
>       second-level .com domains with dotted-decimal domain names in
>       their MX records, usually with no other MX records. My message
>       never appeared on namedroppers. ``Please report bugs in peoples
>       zone files to the people with the bugs, not namedroppers,'' Bush
>       told me.
>     * 2000-02-21: Bush discarded a message from Dean Anderson
>       <namedroppers/3-0-32-20000221220332-01705a94@odie-av8-com>
>       supporting expansion of the MX protocol definition to allow
>       dotted-decimal domain names.
>     * 2000-02-23: I sent another message
>       <namedroppers/20000223081350-27092-qmail@cr-yp-to> to namedroppers
>       objecting to Bush's censorship. Bush discarded my message.
>     * 2000-03-12: I sent a message
>       <namedroppers/20000312222447-11277-qmail@cr-yp-to> to namedroppers
>       asking about DNS query transmission strategy. Bush wrote back:
>       ``if your question is about the protocol, then fine. if it is
>       about how the dns operates and how folk's implementations effect
>       that, then post it to the mailing list for that implementation or
>       to the dnsop list. i.e. keep your bind bashing off this list.'' I
>       responded: ``My message asks about an efficiency problem in the
>       DNS protocol, and gives some illustrative examples. Are you going
>       to pass my message along to the list, or not?'' Bush discarded my
>       messages without further comment.
>     * 2001-03-17: I sent a message
>       <namedroppers/20010317134602-7103-qmail@cr-yp-to> to namedroppers
>       objecting to a BIND company proposal to modify the DNS protocol.
>       Bush discarded my message without comment.

All of the above is so old there is no point in discussing again. See,
for example, http://www.iab.org/Documents/BernsteinAppealResponse.txt

>     * 2002.11.17: I sent a message
>       <namedroppers/20021117174553-55961-qmail@cr-yp-to> to namedroppers
>       objecting to Bush and Gudmundsson sending the axfr-clarify
>       <axfr-clarify.html> document to the IESG, and summarizing ten
>       problems with that document. Bush silently discarded my
>       message.

This message was sent to the iesg, ietf and namedroppers mailing
list. The message did make it out on at least the iesg mailing list
(where I saw a copy), but I do not see it in the namedroppers archive.

>     * 2002.11.20: I sent a message
>       <namedroppers/20021120084916-34961-qmail@cr-yp-to> to namedroppers
>       discussing the lack of consensus behind axfr-clarify and
>       complaining about Bush's censorship. Bush silently discarded my
>       message.

Again, this message was posted to the ietf, iesg and namedroppers
list. I see this message did get posted to the iesg list; I do not see
it in the namedroppers archive.

>     * 2002.11.20, continued: I sent a message
>       <namedroppers/20021120103907-63440-qmail@cr-yp-to> to namedroppers
>       discussing the interoperability problems in axfr-clarify. Bush
>       silently discarded my message. After Bush wrote (on another list)
>       ``it is easy to miss and therefore delete mis-posts,'' I sent a
>       message <namedroppers/20021120202122-31601-qmail@cr-yp-to> to
>       namedroppers saying ``Funny how this happens so often for people
>       you disagree with'' and reminding Bush that he was causing
>       problems for newsgroup readers, sublist readers, and ``readers
>       with private subscription addresses''; Bush allowed that message
>       through.

Again, this message was posted to the ietf, iesg and namedroppers
list. I see this message made it to the iesg list; I do not see it in
the namedroppers archive.

>     * 2002.11.20, continued: I sent a message
>       <namedroppers/20021120203439-43796-qmail@cr-yp-to> to namedroppers
>       discussing the use of separate TCP/UDP ports. Bush silently
>       discarded my message.

This note was allegedly sent to namedroppers (and nowhere else). It
is not in the namedroppers archive. It is noted, however, that other
messages from Dan did appear on namedroppers that day.

>       My subscription address stopped receiving messages from the
>       namedroppers mailing list. About 40 hours later, I asked Bush what
>       was going on:
> 
>           Is that address still on the list? If not, why not? Does your
>           software reveal subscription addresses? Does it allow
>           unconfirmed unsubscription requests? Does it use
>           non-cryptographic cookies in confirmation notices? If the
>           address is still on the list, why aren't the outgoing messages
>           being delivered? Is there some general problem with all
>           addresses?
>
>       Suddenly the messages all came through.

Can't say what this was all about. Temporary mail problems?

>     * 2002.11.23: I sent a message
>       <namedroppers/20021123061646-22603-qmail@cr-yp-to> and another
>       message <namedroppers/20021123172816-71385-qmail@cr-yp-to> to
>       namedroppers. Bush promptly forwarded both messages. However, in
>       the second message, he manually inserted my subscription address,
>       despite my previous comments about private subscription addresses
>       and forged unsubscription requests. (Was this malicious, or was it
>       just mind-bogglingly stupid?)

Or perhaps, it was to make it clear to the poster which address the
posting was coming from, since there seems to be confusion at times
about whether someone is posting from the same address to which they
are subscribed.

"D. J. Bernstein" <djb@cr.yp.to> writes:

>     * 2002.11.25: I sent a message
> From: "D. J. Bernstein" <djb@cr.yp.to>
> To: namedroppers@ops.ietf.org
> Cc: sob@harvard.edu
> Date: 15 Dec 2002 03:18:14 -0000
> Subject: Re: repeating records
> Automatic-Legal-Notices: See http://cr.yp.to/mailcopyright.html.

> I've noticed that Randy Bush discarded Len Budney's note on this topic:
> http://groups.google.com/groups?selm=asnul4%24640g%241%40isrv4.isc.org

Not so.  Len's note was posted to usenet, not to the namedroppers
mailing list. Mail from usenet cannot be assumed to get gatewayed back
to the mailing list.

Thomas