Third party DNS/DoH providers could probably block resolution of phishing names or botnet C&C names using the same methods as enterprises do today, but the enterprise network will not be informed that one of its devices just tried to contact a botnet C&C. It would be very nice if the IETF standardized a way to do that.
I don’t see why they wouldn’t, and I could easily envision them being obliged to do so in the future. They say to you IP a.b.c.d which sadly is the external IP on the NAT exiting the corporate network has a problem. So great one of potentially 1000’s of devices is infected but not really much better information than that. In effect exactly what most security operations teams assume is true every day of the week. Alister Winfield Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trademarks of Sky Limited and Sky International AG and are used under licence. Sky UK Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration No. 2067075), Sky Subscribers Services Limited (Registration No. 2340150) and Sky CP Limited (Registration No. 9513259) are direct or indirect subsidiaries of Sky Limited (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
