IETF Logo Mail Archive

[DNSOP] Re: AD review of draft-ietf-dnsop-structured-dns-error-19

Mark Nottingham <mnot@mnot.net> Sun, 10 May 2026 02:48 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id DFA6BEBE7435 for <dnsop@mail2.ietf.org>; Sat, 9 May 2026 19:48:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1778381284; bh=kJpOsV9Yqal9qAQ/iRIMCAJfMPQvzYqFpU/i7+B3tvk=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=YfbOxSAqcLomtdGYghc+OP4LRU6RkAn8AlOJlNHAklOW1T/+8C/8kdgKl2C+4dk0E kG665+8xrwkvW6cYprsRWKVXpFNFF5vP/24ojdyvlx77C3McbLrR1C/jsyOi5kbhmF IzPwKd4iNtJTP4JXnglpWYtQrgHWvgg/NphSRvgI=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b="hu3pB/wo"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="ND0VnwN6"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sAkKT52qwL-c for <dnsop@mail2.ietf.org>; Sat, 9 May 2026 19:48:00 -0700 (PDT)
Received: from fout-b6-smtp.messagingengine.com (fout-b6-smtp.messagingengine.com [202.12.124.149]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 99B9DEBE742C for <dnsop@ietf.org>; Sat, 9 May 2026 19:48:00 -0700 (PDT)
Received: from phl-compute-03.internal (phl-compute-03.internal [10.202.2.43]) by mailfout.stl.internal (Postfix) with ESMTP id A3A811D0004B; Sat, 9 May 2026 22:47:53 -0400 (EDT)
Received: from phl-frontend-04 ([10.202.2.163]) by phl-compute-03.internal (MEProxy); Sat, 09 May 2026 22:47:54 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1778381273; x=1778467673; bh=GAx1S7BC43hYpNyeeQ1C1nrxYtfBm9H+xk2J8D9IXnI=; b= hu3pB/woU9r9PbfX83l2Mt3HLJQ2+DQBLWh4MFkgncRPjRafKwyCAMU5zm3W2zpC kcvuCj+hF0EgWRvDP7NxbyqL/aMoA6uKUFZvhf0Fxis8LfCJz1/omCG9rufqlwiO 3er0eX35EXZvnKmn/9VkliqtrdDT8ootnr4c3qBMKNINIFnHbavrxPsnVE7AZOqE WQrs+Q4upT35oVGqGefQzg+l1sf19JCd9payzBY8PBmK9kd5dTrjuo/ckSt1EY9X Rj8eAdB/Hu+vPIdI6xhXu6n6YunJabWRDs6mgu65B0oQKOXoTxxBl1hehmUitdbV ez8VjM85EwEhA9c4my8JBw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1778381273; x= 1778467673; bh=GAx1S7BC43hYpNyeeQ1C1nrxYtfBm9H+xk2J8D9IXnI=; b=N D0VnwN6p+fk4C8mkJ15WtkPKK5zIgZ0vCskKL4PWZGtXMSUDjKh9bgVMUXA8pekZ fq3aGNNX0zjpiy5pXl5YHrefQf+pY9Y3BzCmC1DCMDBwEONsJFv+nhbYXyv++AGn SnEXOdVJONX7jQlC3gtY0mzuIBzwAej+v5ajtiNIAH66gBFNdrlbDvvea67gspFc qx8BhO49TNbyt8qcS2tBJjUjVTsMvJ3X5u0tNkp2f/qmcJzWre5/Hb/xTcl2lfeN cC88BukfaGLB8669CEE7cWzc7UN0b7gyqjZgGAUxGsIZNI6tq7vSYZ05B2S4OIRU fNNyIDrle6F4g6b0XbHuw==
X-ME-Sender: <xms:2fH_afFkVFCBGOMcPc7h-yvsI6OXRDbiiMQbdsBwXje-PimBjAxHGQ> <xme:2fH_abZ7NKGoA76zb3dqQg_Hj-_PISOindegSGaAGDdcUfFnoQdREqTCa_7XsV9WY Nd4BbSG8pjh2b2u3Apa2DkzjB35L2UR-h5W68Lw2uDcHSb8PIfiTQ>
X-ME-Received: <xmr:2fH_aXXu0j3LBVEzf2OgHdrwIcVWoMviHpDQeYMrkOFwua_LqY1PD20ziQRjeE5Tkp4exJuVq6W0lx5Ce3hfzsEqn-W7yS97d9OMg_WdfDcELVMhzSsT8w>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefhedrtddtgdduudegleehucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf gurheptggguffhjgffvefgkfhfvffosehtqhhmtdhhtdejnecuhfhrohhmpeforghrkhcu pfhothhtihhnghhhrghmuceomhhnohhtsehmnhhothdrnhgvtheqnecuggftrfgrthhtvg hrnhepfefhhfelleejjeejieekhfejfeeiheetgeejgffhudegveeigeehgefftdetudet necuffhomhgrihhnpehmnhhothdrnhgvthenucevlhhushhtvghrufhiiigvpedtnecurf grrhgrmhepmhgrihhlfhhrohhmpehmnhhothesmhhnohhtrdhnvghtpdhnsggprhgtphht thhopeekpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehmuhhkshesmhhukhhunh gurdhorhhgpdhrtghpthhtohepvghvhihntghkvgestghishgtohdrtghomhdprhgtphht thhopehkohhnughtihhrsehgmhgrihhlrdgtohhmpdhrtghpthhtohepughnshhophesih gvthhfrdhorhhgpdhrtghpthhtohepuggrnhifihhnghesghhmrghilhdrtghomhdprhgt phhtthhopehnvghilhdrtghoohhksehnohifrghrvgdrtghordhukhdprhgtphhtthhope hmohhhrghmvggurdgsohhutggruggrihhrsehorhgrnhhgvgdrtghomhdprhgtphhtthho pegsvghnnhhosehnlhhnvghtlhgrsghsrdhnlh
X-ME-Proxy: <xmx:2fH_aZnD0ZNTrxQFvw47s0eOhQCm6mkBEMUdwcIbpwjXXFO1xi477w> <xmx:2fH_aaBMVo3Cd1tg7YTX7FzCXr0OKlp6Mvo_459y0os1d4fyMI9Xsg> <xmx:2fH_aQhezvqV1VkvN5D6hoPuejzYA065AB4D_S9wynJSYp2BRo3Viw> <xmx:2fH_afyJfFRkrkkk1BxlucSWvLrNptH3axzelf18Sl7KoFqmhtSUjg> <xmx:2fH_adxOPoa2ERuuhgM3WnxLfMcozImuh08M5SXOhfIirKqnlEdcpIFC>
Feedback-ID: ie6694242:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 9 May 2026 22:47:50 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.500.181\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <af_v9m2ZZPBiBxtP@p5>
Date: Sun, 10 May 2026 12:47:47 +1000
Content-Transfer-Encoding: quoted-printable
Message-Id: <EEE4DC6E-8A80-4268-869E-028FC14E7D8F@mnot.net>
References: <PH0PR11MB49665D117EA1C0C920A1ED0FA93E2@PH0PR11MB4966.namprd11.prod.outlook.com> <CAFpG3geNkMs=_HeeirUcRX2-GXW5wEHZiYTLUj0Q_5CYVeVmWQ@mail.gmail.com> <SA2PR11MB4972BEA47D1E95384D5A82AFA93D2@SA2PR11MB4972.namprd11.prod.outlook.com> <af4QDrlZ-5hCfL_c@p5> <af4S9qW-LHOdQwQF@p5> <af4a6Hm9Eaql7qS9@p5> <PH0PR11MB4966FD11066304902E30BCB9A93A2@PH0PR11MB4966.namprd11.prod.outlook.com> <B98883D5-B6A9-4039-9C9D-B1BCEAE7E46D@mnot.net> <af_v9m2ZZPBiBxtP@p5>
To: Mukund Sivaraman <muks@mukund.org>
X-Mailer: Apple Mail (2.3864.500.181)
Message-ID-Hash: 7QFOZVEJ3T77L3OL6ICNSSP7AD4HJO6M
X-Message-ID-Hash: 7QFOZVEJ3T77L3OL6ICNSSP7AD4HJO6M
X-MailFrom: mnot@mnot.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, tirumal reddy <kondtir@gmail.com>, "dnsop@ietf.org WG" <dnsop@ietf.org>, Dan Wing <danwing@gmail.com>, "neil.cook@noware.co.uk" <neil.cook@noware.co.uk>, Mohamed Boucadair <mohamed.boucadair@orange.com>, Benno Overeinder <benno@nlnetlabs.nl>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: AD review of draft-ietf-dnsop-structured-dns-error-19
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TZqSFbLVxmNI4UcnibJOprsqY5o>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

There's been pretty consistent feedback from browsers that they're reluctant to directly display textual strings from DNS responses to users. 


> On 10 May 2026, at 12:39 pm, Mukund Sivaraman <muks@mukund.org> wrote:
> 
> On Sun, May 10, 2026 at 10:19:07AM +1000, Mark Nottingham wrote:
>> I'd be concerned if we started rebuilding HTTP semantics inside
>> DNS. The merit of putting links instead of strings inside the response
>> is that you can then use language negotiation (etc.) for a richer
>> experience when called for without burdening DNS.
> 
> Indeed a URL that provides localized information seems better than
> localizing in DNS.
> 
> I think Eric is pushing for localizing the justification string which is
> meant to be displayed to a human in a browser.
> 
>> Emitting another bit of fingerprinting data on all DNS requests is
>> likely to be controversial, and also will require significant
>> implementation effort.
> 
> For example, if the new structured-dns-error EDNS option in a query,
> instead of being empty, includes the requested language, a nameserver
> could ignore it and deliver text for whatever locale it wants to as is
> currently specified in the draft.  The extra implementation effort would
> be for nameservers that want to deliver localized strings, and that need
> not be much work. For example, for one kind of implementation, it would
> involve wrapping justification messages in _(), providing po
> translations, specification of organization translations in
> configuration with a map.  Just responding to the point that this isn't
> necessarily a lot of development work.
> 
> I prefer the URL approach you've mentioned above and to leave
> localization out. The language field would be just an indicator of what
> language the justification and organization name are delivered in.
> 
> Mukund

--
Mark Nottingham   https://www.mnot.net/

v2.46.0 | Report a Bug | By Email | System Status