Re: [DNSOP] I-D Action: draft-ietf-dnsop-structured-dns-error-06.txt

"Gianpaolo Angelo Scalone, Vodafone" <Gianpaolo-Angelo.Scalone@vodafone.com> Thu, 12 October 2023 09:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/AgR5BGT_GQx6r8e5h3zoyDoJYco>

I agree that RFC 8914 Extended Errors is an improvement and provides some awareness of the reason for blocking,
but without knowing the blocking service it is not possible to comply against a block and eventually request a reclassification.
I am not suggesting to take whatever text arrives from the DNS provider, but to build a mechanism so that only trusted sources are presented to the user, e.g. using only messages arriving from a DoH server, where the contact is related to the certificate of the DNS server and eventually a registration mechanism is built so that only registered contacts are allowed...
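
An illustration of the kind of client-side filter described in the message above, added here as an example (not code from the post, the draft or any resolver). It assumes the EXTRA-TEXT of the RFC 8914 option carries JSON with a contact list under the key "c", that "related to the certificate" means the contact host matches a dNSName in the DoH server certificate, and that the registration mechanism is a plain set of registered hosts; all function and parameter names are hypothetical.

```python
import json
from urllib.parse import urlsplit

BLOCKING_INFO_CODES = {15, 16, 17}  # RFC 8914: Blocked, Censored, Filtered

def parse_ede(option_data: bytes):
    """Split an RFC 8914 EDE option body into (INFO-CODE, EXTRA-TEXT)."""
    if len(option_data) < 2:
        raise ValueError("EDE option shorter than its INFO-CODE field")
    return int.from_bytes(option_data[:2], "big"), option_data[2:].decode("utf-8")

def host_matches(host: str, san: str) -> bool:
    """Compare a host with a certificate dNSName; '*.' covers one label only."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def contacts_to_display(option_data, transport, cert_dns_names, registered_hosts):
    """Return the contact URIs that may be shown to the user, else []."""
    if transport != "doh":          # unauthenticated transports: show nothing
        return []
    try:
        info_code, extra_text = parse_ede(option_data)
        doc = json.loads(extra_text)
    except ValueError:              # short option, bad UTF-8 or bad JSON
        return []
    if info_code not in BLOCKING_INFO_CODES or not isinstance(doc, dict):
        return []
    contacts = doc.get("c")         # assumed key for the contact list
    if not isinstance(contacts, list):
        return []
    shown = []
    for uri in contacts:
        if not isinstance(uri, str):
            continue
        parts = urlsplit(uri)
        host = parts.hostname
        # This example narrows contacts to https URIs so a host can be compared.
        if parts.scheme != "https" or not host:
            continue
        if host.lower() in registered_hosts and any(
                host_matches(host, san) for san in cert_dns_names):
            shown.append(uri)
    return shown

# Constructed sample: INFO-CODE 15 followed by a JSON EXTRA-TEXT.
SAMPLE = (15).to_bytes(2, "big") + json.dumps(
    {"c": ["https://support.resolver.example/report",
           "https://other.example/claim"]}).encode()
```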


