Re: [DNSOP] [dnsdir] Dnsdir early review of draft-ietf-dnsop-structured-dns-error-03
Di Ma <madi@juicybun.cn> Tue, 27 June 2023 15:15 UTC
Return-Path: <madi@juicybun.cn>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2997C13194A; Tue, 27 Jun 2023 08:15:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.888
X-Spam-Level:
X-Spam-Status: No, score=-6.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sWj4LyOz1-3o; Tue, 27 Jun 2023 08:15:04 -0700 (PDT)
Received: from smtpbg150.qq.com (smtpbg150.qq.com [18.132.163.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C738FC131810; Tue, 27 Jun 2023 08:14:58 -0700 (PDT)
X-QQ-mid: bizesmtp84t1687878893tnm3g5l8
Received: from smtpclient.apple ( [113.105.127.26]) by bizesmtp.qq.com (ESMTP) with id ; Tue, 27 Jun 2023 23:14:51 +0800 (CST)
X-QQ-SSF: 00100000000000F0Z000000A0000000
X-QQ-FEAT: ILHsT53NKPgNu/FzyZSLYS9dbqLGjk9UgU8/U4ibfZbBSwqFmNgZ92qsyqLUp 76SfKPPFI0mJni/mHR+VCDLqIbD7Z9Jvb4+tohsRmuEAlJIaCBYUuBZnMJFwb/cuWg9IlhG MKIqjVr+pJ642HuR7nRRO41s0mfNAeVOHrGTiAy1qAbsOo9h/wzXh1rd4It5L3Lz85WUPaS rfRP1+CI+uPuOmchjqa2Xlpjfwi4kKOySQWwF60a9vLIGk/RYwYnwNocArXjVr3KBg/Qicw soMtUkTokILerweG4R/xQw3ZFc7JX2mlxAwjMZ4UO2tUdtSLQ2iSGaTCFNwaK+7eDkb3qRw gxltw2lDKeAzxoO5ywI8aXYVAnZn1zNg2+Sg+EOUclHVWGeT8DAXcNdHeWDHA==
X-QQ-GoodBg: 0
X-BIZMAIL-ID: 17634641372650563244
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
From: Di Ma <madi@juicybun.cn>
In-Reply-To: <DU2PR02MB101600CE3A6DD311A26FDF9FE8827A@DU2PR02MB10160.eurprd02.prod.outlook.com>
Date: Tue, 27 Jun 2023 23:14:41 +0800
Cc: "dnsdir@ietf.org" <dnsdir@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "draft-ietf-dnsop-structured-dns-error.all@ietf.org" <draft-ietf-dnsop-structured-dns-error.all@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1281C375-5608-4B6F-ACE1-29E33A1FF774@juicybun.cn>
References: <168775913699.55897.2271126507895695243@ietfa.amsl.com> <DU2PR02MB101600CE3A6DD311A26FDF9FE8827A@DU2PR02MB10160.eurprd02.prod.outlook.com>
To: mohamed.boucadair@orange.com
X-Mailer: Apple Mail (2.3731.600.7)
X-QQ-SENDSIZE: 520
Feedback-ID: bizesmtp:juicybun.cn:qybglogicsvrsz:qybglogicsvrsz3a-1
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/2SusoKNFZJgg9pTv1Lebg7LAcY8>
Subject: Re: [DNSOP] [dnsdir] Dnsdir early review of draft-ietf-dnsop-structured-dns-error-03
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jun 2023 15:15:13 -0000
Hi, Med, All the clarifications and updates you have made to this draft are fine by me. Di > 2023年6月27日 14:23,mohamed.boucadair--- via dnsdir <dnsdir@ietf.org> 写道: > > Hi Di, > > Thanks for the review. > > Please see inline. > > Cheers, > Med > >> -----Message d'origine----- >> De : Di Ma via Datatracker <noreply@ietf.org> >> Envoyé : lundi 26 juin 2023 07:59 >> À : dnsdir@ietf.org >> Cc : dnsop@ietf.org; draft-ietf-dnsop-structured-dns- >> error.all@ietf.org >> Objet : Dnsdir early review of draft-ietf-dnsop-structured-dns- >> error-03 >> >> Reviewer: Di Ma >> Review result: Ready with Nits >> >> Generally speaking, I think the extension to DNS proposed by this >> document will not affect DNS operations adversely since it is >> common and mature to extend >> EDNS0 to carry DNS signaling information as far as I observed. >> >> I have got several technical comments for the authors to consider: >> >> As stated in section 5.2 “If EDE support is signaled in the query >> the server MUST NOT return the "Forged Answer" extended error >> code...”, is “Forged Answer” the only code that is not allowed? > > [Med] It is the only one to report that filtering happened but still an answer is being provided. > > Note that the candidate list of codes is called out in: > > For the DNS filtering mechanisms described in Section 3 the DNS > server can return extended error codes Blocked, Filtered, or Forged > Answer defined in Section 4 of [RFC8914]. However, these codes only > explain that filtering occurred but lack detail for the user to > diagnose erroneous filterings. > >> suggest authors articulate the rule not just an instance, in order >> to facilitate the consistency among different implementations. >> >> As in section 5.3, “On receipt of a DNS response with an EDE >> option from a DNS responder, the following actions are performed >> on the EXTRA-TEXT field”, are all those “actions” ordered or >> unordered? I think it needs to be specified. >> > > [Med] The actions are not provided in the execution order: clarified in https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-structured-dns-error/pull/32/files. > >> In section 6, RPZ is not standardized by IETF. I suggest removing >> “Interoperation with RPZ Servers” or moving it to appendix since >> this draft is intended to be a standards track RFC. >> > > [Med] This is fair. Please see the PR at https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-structured-dns-error/pull/31/files. > >> And I also have some editorial comments: >> > > [Med] All good points. Please see the PR at https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-structured-dns-error/pull/30/files. > >> In section 4, “The contact details of the IT/InfoSec team to >> report mis-classified DNS filtering. This field is structured as >> an array of contact URIs (e.g., tel, sips, https). At least one >> contact URI MUST be included. This field is mandatory.” It is >> necessary to reference RFCs to “tel, sips, https”. >> >> In section 5.3, there is an in-paragraph long space breaking “If a >> DNS client has enabled opportunistic privacy profile (Section 5 of >> [RFC8310]) for DoT, the DNS client will either fall back to an...” >> ...and “encrypted connection without authenticating the DNS >> server...”. >> >> In section 5.3, the first action is described as “Verify the field >> contains valid JSON.” which is the only segment using a verb to >> describe the very action. I think it would be better to align all >> the action description wording. >> >> > > ____________________________________________________________________________________________________________ > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or privileged information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > Thank you. > -- > dnsdir mailing list > dnsdir@ietf.org > https://www.ietf.org/mailman/listinfo/dnsdir
- [DNSOP] Dnsdir early review of draft-ietf-dnsop-s… Di Ma via Datatracker
- Re: [DNSOP] Dnsdir early review of draft-ietf-dns… mohamed.boucadair
- Re: [DNSOP] [dnsdir] Dnsdir early review of draft… Di Ma