Re: [DNSOP] updated to draft-wing-dnsop-structured-dns-error-page-01

Vittorio Bertola <vittorio.bertola@open-xchange.com> Thu, 11 November 2021 11:59 UTC

Date: Thu, 11 Nov 2021 12:59:42 +0100
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Petr Špaček <pspacek@isc.org>, dnsop@ietf.org
Message-ID: <2144593653.33984.1636631982620@appsuite-gw2.open-xchange.com>
In-Reply-To: <d7f55c0d-0746-9c74-2ff1-ebdcec7ad45e@isc.org>
References: <D1CF0779-EAB3-4759-8F50-643E9EC8C490@gmail.com> <d7f55c0d-0746-9c74-2ff1-ebdcec7ad45e@isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Ki1jVcCVW8ejYuYJhuFdU-NMVVE>
Subject: Re: [DNSOP] updated to draft-wing-dnsop-structured-dns-error-page-01


> On 10/11/2021 17:17 Petr Špaček <pspacek@isc.org> wrote:
> 
> 1. Input from browser vendors
> -----------------------------
> I believe we really really _really_ need input from end-client vendors, 
> most importantly Google Chrome and Safari. Is there any indication that 
> they might be interested? If not, why?

I don't want to speak for them (I don't know if they are on this list, but they definitely are on ADD), but in past discussions around this concept they recognized its potential usefulness (apart maybe from a specific browser which seems to have a principled stance against DNS filters) but were concerned about the security of the mechanism, i.e. the risk that it could be used to present to the user a phishing or misleading page, either by an attacker or by the network itself, with the risk of the user not realizing that this is not their intended destination but a page generated by someone else. This explains many of the restrictions and requirements in the document, including the restriction to encrypted DNS connections.

-- 
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com 
Office @ Via Treviso 12, 10144 Torino, Italy