Re: [DNSOP] Fwd: New Version Notification for draft-reddy-dnsop-error-page-05.txt

Joey S <> Fri, 18 December 2020 21:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DFF2F3A07D1 for <>; Fri, 18 Dec 2020 13:27:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 1H9NqNznR6oW for <>; Fri, 18 Dec 2020 13:27:21 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A7A5D3A07C8 for <>; Fri, 18 Dec 2020 13:27:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=mail; h=Content-Type:In-Reply-To:MIME-Version:Date: Message-ID:Subject:Cc:From:References:To:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=sQPRTsXDSIjPSxTFxNS8t8qud2X7nq1kf5ongyBPD/c=; b=w3nKgfzvy8BsymcfS98Yg/6yR Df70qFeIH066qzO4wb7uSbsP//x8MZk1bs8RI4d9MU+bNQH/hXOp81v2Y8AG7bdogC6MbJ0nBlA2U Z6ABaEAqv0tKd8azL3qJKpOgp159cCm6N7Zk+omWZ4on5TFdBeNv8MXaSmHZQibwwdR5c=;
To: tirumal reddy <>
References: <> <>
From: Joey S <>
Cc: dnsop <>
Message-ID: <>
Date: Fri, 18 Dec 2020 15:26:51 -0600
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="o5ZsCrFPj8r1tMX8or6KlDVorFSAuiXpG"
X-Authenticated-As-Hash: 3c8a76879922505f22521320ab57e3bbe25ea7cc
X-Virus-Scanned: by clamav at
X-Scan-Signature: b5b0734bb415cefc525000fae9088821
Archived-At: <>
Subject: Re: [DNSOP] Fwd: New Version Notification for draft-reddy-dnsop-error-page-05.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 18 Dec 2020 21:27:24 -0000

Dear Tirumal, dnsop,

Following up on the last IETF session and observations regarding the usability of this draft at the end of the meeting, this draft covers 2 important areas from my perspective: DNS error information made available to the end-users as opposed to (mainly) administrators/operators from the extended-DNS-errors RFC (rfc8914); the promotion of increased DNS security as a means to achieve reliable information.

For those two reasons I'd like to ask:
  • Are there specific sections of the I-D that require input?
  • Are there remaining questions from the 109 meeting?
  • What's currently needed for potentially moving forward with WG adoption?

Thank you,

Joey Salazar
Digital Sr. Programme Officer
6E9C 95E5 5BED 9413 5D08 55D5 0A40 4136 0DF0 1A91
On 14-Oct-20 10:50 PM, tirumal reddy wrote:
Hi all,

This revision" target="_blank" rel="nofollow"> updates security considerations section to address comments from the WG during the presentation at IETF-108.

As a reminder, it discusses a method to return an URL that explains the reason the DNS query was filtered. It defines an Error page URI EDNS0 option to return an URI Template which when accessed provides the reason the DNS query was filtered. The Error Page URI Template is protected with a signature for data origin authentication. It discusses mandatory rules (e.g., DoH and strict privacy profile in DoT) to process the Error page URI EDNS0 option.

Further comments and suggestions are welcome.


---------- Forwarded message ---------
From: <>
Date: Wed, 14 Oct 2020 at 11:25
Subject: New Version Notification for draft-reddy-dnsop-error-page-05.txt
To: Tirumaleswar Reddy.K <>, Mohamed Boucadair <>, Neil Cook <>, Dan Wing <>

A new version of I-D, draft-reddy-dnsop-error-page-05.txt
has been successfully submitted by Tirumaleswar Reddy and posted to the
IETF repository.

Name:           draft-reddy-dnsop-error-page
Revision:       05
Title:          DNS Access Denied Error page
Document date:  2020-10-13
Group:          Individual Submission
Pages:          16
URL:  " rel="noreferrer nofollow" target="_blank">
Status:" rel="noreferrer nofollow" target="_blank">
Htmlized:" rel="noreferrer nofollow" target="_blank">
Htmlized:" rel="noreferrer nofollow" target="_blank">
Diff: " rel="noreferrer nofollow" target="_blank">

   When a DNS server filters a query, the response conveys no detailed
   explanation of why that query was blocked, leading thus to end-user
   confusion.  A solution is needed to enhance the user experience.

   This document defines a method to return an URI that explains the
   reason why a DNS query was filtered.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at" rel="noreferrer nofollow" target="_blank">

The IETF Secretariat

DNSOP mailing list" rel="nofollow">