[DNSOP] Re: Comments from IETF Last Call about draft-ietf-dnsop-structured-dns-error
tirumal reddy <kondtir@gmail.com> Tue, 06 May 2025 08:09 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/FYOnVjz7eCU24RJ2dq57VPLEr6Y>
The dnsop-structured-dns-error draft includes mechanisms for providing structured error information that can be used by clients to display user-friendly messages. It deliberately avoids allowing any free-form or arbitrary full-text fields to be shown directly to end users, precisely to mitigate security risks. We believe this strikes the right balance between user experience and security and do not see a need to change the draft in this regard.

Regarding the relationship to draft-nottingham-public-resolver-errors: That draft is explicitly scoped to public resolvers, whereas dnsop-structured-dns-error is designed to support any deployment model, regardless of how they are discovered and configured. While the drafts may share high-level goals of improving DNS error transparency, their target audiences and operational contexts differ. As such, we don’t believe merging the documents is appropriate.

This draft has already been extensively discussed in the DNSOP working group for around 5 years and has evolved based on community input. We believe it is in a stable state and see no need to stall its progress at this stage.

-Tiru

On Mon, 5 May 2025 at 18:20, Eric Vyncke (evyncke) <evyncke=40cisco.com@dmarc.ietf.org> wrote:

> Dear authors and WG,
>
> There have been substantive IETF Last Call comments once extending the
> review outside of DNSOP. On my own read of the comments, there are two
> critical ones:
>
> - Are full-text explanations better or worse from UX or security point
>   of view?
> - Should the draft merge/include/... with
>   draft-nottingham-public-resolver-errors?
>
> The above comments could cause major changes in the I-D requiring another
> IETF Last Call. If the authors or DNSOP WG prefer, then the draft can be
> sent back to the DNSOP WG for more community work.
>
> Regards
>
> -éric
> _______________________________________________
> DNSOP mailing list -- dnsop@ietf.org
> To unsubscribe send an email to dnsop-leave@ietf.org