[DNSOP] Re: AD review of draft-ietf-dnsop-structured-dns-error-19

Mukund Sivaraman <muks@mukund.org> Sun, 10 May 2026 02:40 UTC

Date: Sun, 10 May 2026 10:39:50 +0800
From: Mukund Sivaraman <muks@mukund.org>
To: Mark Nottingham <mnot=40mnot.net@dmarc.ietf.org>
CC: "Eric Vyncke (evyncke)" <evyncke=40cisco.com@dmarc.ietf.org>, tirumal reddy <kondtir@gmail.com>, "dnsop@ietf.org WG" <dnsop@ietf.org>, Dan Wing <danwing@gmail.com>, "neil.cook@noware.co.uk" <neil.cook@noware.co.uk>, Mohamed Boucadair <mohamed.boucadair@orange.com>, Benno Overeinder <benno@nlnetlabs.nl>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/3OKrPog9uriBCD7WjQfYfBSXgGw>

On Sun, May 10, 2026 at 10:19:07AM +1000, Mark Nottingham wrote:
> I'd be concerned if we started rebuilding HTTP semantics inside
> DNS. The merit of putting links instead of strings inside the response
> is that you can then use language negotiation (etc.) for a richer
> experience when called for without burdening DNS.

Indeed a URL that provides localized information seems better than
localizing in DNS.

I think Eric is pushing for localizing the justification string which is
meant to be displayed to a human in a browser.

> Emitting another bit of fingerprinting data on all DNS requests is
> likely to be controversial, and also will require significant
> implementation effort.

For example, if the new structured-dns-error EDNS option in a query,
instead of being empty, includes the requested language, a nameserver
could ignore it and deliver text for whatever locale it wants to as is
currently specified in the draft.  The extra implementation effort would
be for nameservers that want to deliver localized strings, and that need
not be much work. For example, for one kind of implementation, it would
involve wrapping justification messages in _(), providing po
translations, specification of organization translations in
configuration with a map.  Just responding to the point that this isn't
necessarily a lot of development work.

I prefer the URL approach you've mentioned above and to leave
localization out. The language field would be just an indicator of what
language the justification and organization name are delivered in.

		Mukund
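
Added example, not part of the original message and not code from the draft or any nameserver: a sketch of the server-side localization described above, with justification strings wrapped in `_()` and organization names taken from a configuration map. The catalogs, the organization names, the message text and the output keys `justification`, `organization` and `language` are constructed for illustration and are not the draft's wire format; the language tag carried in the query is the hypothetical extension discussed in this thread.

```python
import gettext
import re

MSG = "Blocked by policy: malware distribution"  # constructed msgid
# Constructed catalogs standing in for compiled .po files (msgid -> msgstr).
CATALOGS = {
    "fr": {MSG: "Bloqué par la politique : distribution de logiciels malveillants"},
    "de": {MSG: "Durch Richtlinie blockiert: Verbreitung von Schadsoftware"},
}
# Organization names come from configuration, not from the message catalog.
ORG_NAMES = {"en": "Example Resolver Operations",
             "fr": "Exploitation du résolveur Example"}
DEFAULT_LANG = "en"
# A language is offered only if BOTH fields can be delivered in it, so the
# language indicator in the response is true for the whole payload.
SUPPORTED = {DEFAULT_LANG} | (set(CATALOGS) & set(ORG_NAMES))
TAG_RE = re.compile(r"[A-Za-z]{2,3}(-[A-Za-z0-9]{1,8})*")


class DictTranslations(gettext.NullTranslations):
    """gettext-style translator backed by an in-memory dict."""

    def __init__(self, catalog):
        super().__init__()
        self._catalog = catalog

    def gettext(self, message):
        return self._catalog.get(message, message)


def pick_language(requested):
    """Map the client-supplied tag to a supported language, else the default.

    The tag is untrusted input: it is validated, used only as a lookup key
    and never echoed back or used to build a file path.
    """
    if not isinstance(requested, str) or not TAG_RE.fullmatch(requested):
        return DEFAULT_LANG  # empty option or malformed tag: server's choice
    primary = requested.lower().split("-", 1)[0]
    return primary if primary in SUPPORTED else DEFAULT_LANG


def build_error_fields(requested_lang=None):
    """Return the human-readable fields plus the language they are in."""
    lang = pick_language(requested_lang)
    _ = DictTranslations(CATALOGS.get(lang, {})).gettext
    return {"justification": _(MSG),
            "organization": ORG_NAMES[lang],
            "language": lang}
```

A server that ignores the requested language behaves like the `requested_lang=None` case, which matches what the draft currently specifies according to the message above.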