[DNSOP] Re: Working Group Last Call draft-ietf-dnsop-structured-dns-error
tirumal reddy <kondtir@gmail.com> Mon, 11 November 2024 13:49 UTC
Return-Path: <kondtir@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A50FC14F61A for <dnsop@ietfa.amsl.com>; Mon, 11 Nov 2024 05:49:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MHiu6LjKL92B for <dnsop@ietfa.amsl.com>; Mon, 11 Nov 2024 05:49:23 -0800 (PST)
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4ED03C14F60B for <dnsop@ietf.org>; Mon, 11 Nov 2024 05:49:23 -0800 (PST)
Received: by mail-ed1-x531.google.com with SMTP id 4fb4d7f45d1cf-5ced377447bso6552045a12.1 for <dnsop@ietf.org>; Mon, 11 Nov 2024 05:49:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1731332961; x=1731937761; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=5qhWFvZr7d51X88JUmCT1jLwpmEy0WoMKvihLF/yNVI=; b=bggUPd3tqEj2AY6WM29H+lFJ2OHpFyJK0rhxAaDF4r5R48M29jGvKwtG5UD4H2KFDW xBR5Qi43pegt81wSvywPcMXTr1Z5/48q2VF3kX5RydrnX/oDgW6/by5RII7rg9NJJBvT qUyD42ZDOfgBF5Ia749SAnZtTcTimRsLUr31fROzPq/f4lnvQ9mYxMBABPBefToge6Bv ITag4tZNEWSV+xUGZntBbCJUI+wCJd3eMUIusPBNWLOuLiNuxZFu54bnwtK0HF61p0cf +6qv0k8X1IuhQqFTP7t3/JpDpkV1MQ7CN9dKK4KBnTmhZRr4Hi5faPgqmypcmuqziJ5J A/Jg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731332961; x=1731937761; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=5qhWFvZr7d51X88JUmCT1jLwpmEy0WoMKvihLF/yNVI=; b=Kz3BZ+E6EDdvSfF5xQ0fmn4CkcrAbmbHxTyCi16Hf0GdIzxHB1LWCBQTPvusQxa8pj eAHUZPBQN9466ZsJefb4G6arXHrfXi3XFpfXJCpB5NacedY3ZK6FhBSvnx66abuXKIxw Nu9L+MFlqd+uNNMXqZQ5bit7ESIWXIC9q6NmyRcIO7hn1afjirXCg68u/18CDu55d+/O +1yaXV3gYlK1lAItg2YwyamfTIYXwtO8tNFCAJ9f0mRZJd2RybdHr35vSAHnZGJZ6M4X Bt5cNFHHpJuA8jZYKIs3Mn0cNAVYVkSygWPLDGM6RxsQ+x9P2Nh2Ffb7UCP4ijdikUyh NT8w==
X-Forwarded-Encrypted: i=1; AJvYcCUiy9X0OmyUous3PacQX+3hYnFMfmdK3myyICfT4DICFa2o2Kx6+9W5isrVTOptLbLYTl17gg==@ietf.org
X-Gm-Message-State: AOJu0YyzMrkAibiiCLbqm3hyWlz8yhQyuRilHkCT+Tigj0ATiwZfQNuv LE7KgouAGBSNSyrQe0KpZdoC9wH4thrYTYozdqcDqzyMRXR54yyntpVM6bxSjPOpQnY+vOnHOdS xBpaG2KErKKlMOY+d0lgAXOkLrKA=
X-Google-Smtp-Source: AGHT+IF1tVTraPe4IQt9FHKNc6nguZ9jSz464TG1iscxDAn/Ezfmn8qmxKhVuHwFJ75lFWEEMgOa+nuALP1fOvAji8E=
X-Received: by 2002:aa7:c444:0:b0:5c9:76ca:705b with SMTP id 4fb4d7f45d1cf-5cf0a478e7dmr9183581a12.34.1731332961157; Mon, 11 Nov 2024 05:49:21 -0800 (PST)
MIME-Version: 1.0
References: <5725b858-a35d-41fa-a5a8-5a61e0ce3a7a@NLnetLabs.nl> <5F399953-DDDD-4E94-AF60-9C6D6A9064B3@apple.com> <SA1PR15MB4370372BC0DA05714FA02E44B35C2@SA1PR15MB4370.namprd15.prod.outlook.com>
In-Reply-To: <SA1PR15MB4370372BC0DA05714FA02E44B35C2@SA1PR15MB4370.namprd15.prod.outlook.com>
From: tirumal reddy <kondtir@gmail.com>
Date: Mon, 11 Nov 2024 19:18:43 +0530
Message-ID: <CAFpG3gekH72vejKBM5PeTVPxvYWkm6agJrAxDL_Y9PUTxvN3+w@mail.gmail.com>
To: Ben Schwartz <bemasc=40meta.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="000000000000234aaf0626a35eed"
Message-ID-Hash: 765X3ZEIX4FD5MHD4TSGKHXHWXNRWEMR
X-Message-ID-Hash: 765X3ZEIX4FD5MHD4TSGKHXHWXNRWEMR
X-MailFrom: kondtir@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, DNSOP Working Group <dnsop@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: Working Group Last Call draft-ietf-dnsop-structured-dns-error
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/z-bj0uue3uhhWAUGgtN3qSzW1w4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
Hi Ben, The selected suberror codes are identified as threats by the IETF and would potentially compromise the security posture of the endpoint (see Section 10.4 of the draft). The other common reasons you mentioned fall under the category of 'censorship,' which could be perceived as an invasion of end-user privacy, and are therefore not included. A stricter registration policy will allow new suberror codes to be added in the future with IETF approval, avoiding any undue pressure on Designated Experts. Cheers, -Tiru On Thu, 7 Nov 2024 at 19:40, Ben Schwartz <bemasc=40meta.com@dmarc.ietf.org> wrote: > I requested a stricter registration policy because of the "suberror" > registry, which includes codes indicating blocking due to "Malware", > "Phishing", "Spam", and "Spyware". These are far from the only reasons > that DNS servers refuse to answer queries. Other common reasons include > "Pornography", "Gambling", "Advertising", "Copyright Violation", > "Blasphemy", "Sanctions", "Extremism", "Incitement", ... > > My preference would be to remove the "suberror" field and registry > entirely. Failing that, I do not want to ask a Designated Expert whether > to register suberror codes for every perceived evil in the world. Each > registry entry implicitly normalizes this filtering rationale as a behavior > deemed acceptable by the IETF. > > --Ben Schwartz > ------------------------------ > *From:* Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> > *Sent:* Tuesday, November 5, 2024 10:46 AM > *To:* DNSOP Working Group <dnsop@ietf.org> > *Cc:* DNSOP Chairs <dnsop-chairs@ietf.org>; Benno Overeinder > <benno@NLnetLabs.nl> > *Subject:* [DNSOP] Re: Working Group Last Call > draft-ietf-dnsop-structured-dns-error > > Overall, I think this document, and its definition of the EXTRA-TEXT field > as JSON is important. To that end, I am eager to see progress in this area. > However, I think we should not quite yet ship this out of the WG. Two > specific points: - I’d > Overall, I think this document, and its definition of the EXTRA-TEXT field > as JSON is important. To that end, I am eager to see progress in this area. > > However, I think we should not quite yet ship this out of the WG. > > Two specific points: > - I’d like to have a working group discussion with regards to the proposal > in draft-nottingham-public-resolver-errors-00. While that doesn’t > necessarily require being merged > into draft-ietf-dnsop-structured-dns-error, it *could* be, and I would > like to ensure with the WG that if they are separate, that there are no > changes needed in draft-ietf-dnsop-structured-dns-error in order to support > the details Mark’s draft is proposing. I think this incident/operator ID > approach is potentially a very compelling tool to drive adoption of these > errors across browser clients. > > - I am concerned about the IANA registry policy for the JSON names being > IETF Review. (My concerns are slightly less for the other registries.) > Requiring not only an RFC, but an IETF-stream RFC, seems like too high a > bar. I would suggest Expert Review. > > Best, > Tommy > > On Oct 26, 2024, at 9:10 PM, Benno Overeinder <benno@NLnetLabs.nl> wrote: > > Dear all, > > The draft-ietf-dnsop-structured-dns-error has seen several revisions and > there has been considerable discussion on the mailing list and in the WG. > At IETF 116, Gianpaolo Scalone (Vodafone) and Ralf Weber (Akamai) presented > a proof of concept of this specification. > > The authors and the WG chairs believe the draft is ready for a Working > Group Last Call. > > > This initiates the Working Group Last Call (WGLC) for > draft-ietf-dnsop-structured-dns-error, "Structured Error Data for Filtered > DNS." > > The draft can be reviewed here: > https://datatracker.ietf.org/doc/draft-ietf-dnsop-structured-dns-error/ > <https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-dnsop-structured-dns-error/__;!!Bt8RZUm9aw!5yHYzIH7UZT84CIbOttYH5wYSmd08DCgh-GztpIx3za7t4sfIZDMmxvYpzV9EKqJGumO7iwPYVpcDYNIk4Hw-blr-1A$> > > Intended Status: Proposed Standard > Document Shepherd: Benno > > Please take the time to review this draft and share any relevant > comments. For the WGLC to be effective, we need both positive support and > constructive feedback; a simple lack of objection isn’t enough. > > If you believe this draft is ready for publication as an RFC, please state > your support. Conversely, if you feel the document isn’t ready for > publication, please provide your concerns and reasoning. > > This starts a two-week Working Group Last Call process, concluding on > November 9, 2024. > > Thank you, > > Suzanne > Tim > Benno > > _______________________________________________ > DNSOP mailing list -- dnsop@ietf.org > To unsubscribe send an email to dnsop-leave@ietf.org > > > _______________________________________________ > DNSOP mailing list -- dnsop@ietf.org > To unsubscribe send an email to dnsop-leave@ietf.org >
- [DNSOP] Working Group Last Call draft-ietf-dnsop-… Benno Overeinder
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… Stephane Bortzmeyer
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… Tim Wicinski
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… Ralf Weber
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… Vittorio Bertola
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… Wilman Lee, Vodafone
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… Tommy Pauly
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… Gianpaolo Angelo Scalone, Vodafone
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… mohamed.boucadair
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… Stephane Bortzmeyer
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… Daniel Migault
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… Ben Schwartz
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… Dan Sexton
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… Joe Abley
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… tirumal reddy
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… tirumal reddy
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… tirumal reddy
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… Ben Schwartz
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… tirumal reddy
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… Benno Overeinder
- [DNSOP] Re: Working Group Last Call draft-ietf-dn… tirumal reddy