[Asrg] draft-irtf-asrg-bcp-blacklists-01 March 24, 2008

[SM]

At 16:15 03-04-2008, Douglas Otis wrote:
>Conclusions reached in the last three paragraphs of section 2.2.3 are
>naive and wrong.  Strike these paragraphs:

[snip]

>Another important consideration supporting a "no questions asked"
>self-removal policy is that it forestalls many conflicts between
>DNSBL operators and organizations whose IP addresses have been
>listed.  Such a policy also can be an effective deterrent to legal
>problems.
>---
>
>The last sentence in this section could be seen as a threat.  "Such a
>policy also can be an effective deterrent to legal problems." suggests
>list operators become liable when adhering to their policy when it
>differs from this poorly considered and naive recommendation.  Public

I agree the last sentence should be removed as it's not up to the 
document to provide legal advice.

>3.6.  Use of Collateral Damage MUST Be Disclosed
>
>This section assumes only individual IP addresses are assessed.  The
>list may represent a range of IP addresses pertaining to single
>entity, the rated network provider.  Would listings based upon this
>entity's address space represent collateral damage?  Such a rating may
>suggest this provider is not effective at enforcing reasonable
>Acceptable Use Policies.
>
>Calling this "collateral damage" represents a concerted bias against
>rating network providers.  Clearly, when a listing is constrained to
>that of specific network provider, there would not be _any_ collateral
>damage involving other network providers.

If you don't want it called collateral damage, you can always say:

3.6 The scope of the listing MUST be disclosed

And elaborate on whether the listing identifies individual IP 
addresses or a range of IP addresses which includes IP addresses 
under the control of a provider even though those IP addresses are 
not the source of abusive email.

Regards,
-sm