Re: [DNSOP] I-D Action: draft-ietf-dnsop-structured-dns-error-06.txt

Tommy Pauly <tpauly@apple.com> Thu, 19 October 2023 20:12 UTC

From: Tommy Pauly <tpauly@apple.com>
Message-id: <DB850E35-E036-46B3-9BB0-B29277B75FA3@apple.com>
Date: Thu, 19 Oct 2023 13:12:04 -0700
In-reply-to: <CAHw9_iKDDt9W207osTsHpfaacjQioDM1VVbLk9JTRB2hjpEa1g@mail.gmail.com>
Cc: Vodafone Gianpaolo Angelo Scalone <Gianpaolo-Angelo.Scalone=40vodafone.com@dmarc.ietf.org>, DNSOP WG <dnsop@ietf.org>
To: Warren Kumari <warren@kumari.net>
References: <DB9PR05MB847313955E9EE5F63F53FDB3A3D4A@DB9PR05MB8473.eurprd05.prod.outlook.com> <CAHw9_iKDDt9W207osTsHpfaacjQioDM1VVbLk9JTRB2hjpEa1g@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TjdfbcXxDxSAHk07port45YVHPs>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-structured-dns-error-06.txt


> On Oct 19, 2023, at 12:44 PM, Warren Kumari <warren@kumari.net> wrote:
> 
> I still don't understand why (other than marketing/advertising) this is needed — the EDE "4.18. Extended DNS Error Code 17 - Filtered" ("The server is unable to respond to the request because the domain is on a blocklist as requested by the client. Functionally, this amounts to "you requested that we filter domains like this one.") seems to cover it.
> 
> If browsers are willing to do anything with the EDE codes (like "ERROR: Your DNS filtering provider says you shouldn't go here") what additional **important** information needs to be communicated? And if browsers are not willing to do anything with just EDE codes, it sure doesn't seem like they would want to do that **and** follow an unauthenticated URL… 

Safari is now displaying the EDE-code based information! So we are willing to show that.

The case that might still be interesting is providing the user some (hopefully safe) way to contact the blocker to dispute why this is being blocked — so a way to send an email to an administrator, but not something else. Showing advertising or marketing or any arbitrary page is not something I think would fly.

Tommy
> 
> Anything more simply adds complexity and security risks, and entails privacy concerns for the user too…
> 
> W
> 
> 
> On Thu, Oct 19, 2023 at 4:05 AM, Vodafone Gianpaolo Angelo Scalone <Gianpaolo-Angelo.Scalone=40vodafone.com@dmarc.ietf.org <mailto:Gianpaolo-Angelo.Scalone=40vodafone.com@dmarc.ietf.org>> wrote:
>> Hi,
>> 
>> I think that we have now 2 good potential compromises:
>> 
>> 1. A browser interstitial page explaining that the following page is generated by the service that blocked the actual page, with a button indicating “proceed to the blocking page” and another “dismiss”
>> 2. A graphical representation of the blocking page, rendered as an image with no clickable links, with a button indicating “proceed to the blocking page” and another “dismiss”
>> 
>> This would be understandable by customers and provide a good user experience and security.
>> 
>> In addition we could start thinking about a reputation mechanism.
>> 
>>  
>> Kind regards
>> 
>>  
>> Gianpaolo
>> 
>> 
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
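The thread turns on what a client can safely show from an Extended DNS Error (RFC 8914) alone. The following is an added example, not code from the thread, the draft, or any browser: it builds a constructed DNS response carrying EDE option code 15 with INFO-CODE 17 (Filtered), parses the option back out of the OPT record, and renders a notice in which the INFO-CODE drives the wording and the EXTRA-TEXT is shown only as opaque plain text, never interpreted as a link or a page to fetch. The query name, the resolver note and the helper names are assumptions chosen for the example.

```python
import struct

EDNS_OPTION_EDE = 15  # RFC 8914 Extended DNS Error EDNS0 option code
EDE_FILTERED = 17     # RFC 8914 section 4.18, "Filtered"
# Subset of the RFC 8914 registry that a client might name for the user.
EDE_NAMES = {15: "Blocked", 16: "Censored", 17: "Filtered", 18: "Prohibited"}


def _encode_name(name):
    """Wire-encode a dotted DNS name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def _read_name(msg, off):
    """Decode a name at msg[off], following compression pointers; return (name, next offset)."""
    labels, end, jumped = [], None, False
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", (end if end is not None else off)


def build_filtered_response(qname, extra_text, rcode=3):
    """Constructed resolver reply: RCODE (NXDOMAIN by default) plus an OPT RR with EDE 17."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, 0, 0, 1)
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    ede = struct.pack("!H", EDE_FILTERED) + extra_text.encode("utf-8")
    opt_rdata = struct.pack("!HH", EDNS_OPTION_EDE, len(ede)) + ede
    # OPT RR: root name, type 41, CLASS = UDP payload size, TTL = ext-rcode/version/flags
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(opt_rdata)) + opt_rdata
    return header + question + opt


def extract_ede(msg):
    """Return [(info_code, extra_text), ...] from every EDE option in the message's OPT RR."""
    qd, an, ns, ar = struct.unpack_from("!HHHH", msg, 4)
    off = 12
    for _ in range(qd):
        _, off = _read_name(msg, off)
        off += 4  # QTYPE + QCLASS
    found = []
    for _ in range(an + ns + ar):
        _, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype != 41:  # only the OPT pseudo-RR carries EDNS options
            continue
        p = 0
        while p + 4 <= len(rdata):
            ocode, olen = struct.unpack_from("!HH", rdata, p)
            p += 4
            odata = rdata[p:p + olen]
            p += olen
            if ocode == EDNS_OPTION_EDE and len(odata) >= 2:
                info = struct.unpack_from("!H", odata)[0]
                # EXTRA-TEXT is UTF-8 meant for humans, not for automated parsing (RFC 8914 sec. 2)
                found.append((info, odata[2:].decode("utf-8", errors="replace")))
    return found


def user_message(edes):
    """Render a notice from EDE data: the code picks the wording; EXTRA-TEXT is plain text only."""
    if not edes:
        return None
    code, text = edes[0]
    name = EDE_NAMES.get(code, f"code {code}")
    msg = f"Your DNS resolver reports: {name} (EDE {code})."
    if text:
        # Shown verbatim as text; the client neither follows nor auto-links anything inside it.
        msg += f" Resolver note (plain text): {text}"
    return msg


if __name__ == "__main__":
    reply = build_filtered_response("blocked.example.", "Blocked by policy; contact admin@example.net")
    print(user_message(extract_ede(reply)))
```

The point of the split between `extract_ede` and `user_message` is that every decision about what the user sees is made from the 16-bit INFO-CODE, which a client can map to its own localized wording; the resolver-supplied text is passed through as inert characters, so an unauthenticated resolver gains no way to steer the client anywhere.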