Following up on the last IETF session and observations regarding the usability of this draft at the end of the meeting, this draft covers 2 important areas from my perspective: DNS error information made available to the end-users as opposed to (mainly) administrators/operators from the extended-DNS-errors RFC (rfc8914); the promotion of increased DNS security as a means to achieve reliable information.
For those two reasons I'd like to ask:
- Are there specific sections of the I-D that require input?
- Are there remaining questions from the 109 meeting?
- What's currently needed for potentially moving forward with WG adoption?
Thank you,
-- Joey Salazar Digital Sr. Programme Officer ARTICLE 19 6E9C 95E5 5BED 9413 5D08 55D5 0A40 4136 0DF0 1A91
On 14-Oct-20 10:50 PM, tirumal reddy
wrote:
Hi all,
This revision https://tools.ietf.org/html/draft-reddy-dnsop-error-page-05 updates security considerations section to address comments from the WG during the presentation at IETF-108.
As a reminder, it discusses a method to return an URL that explains the reason the DNS query was filtered. It defines an Error page URI EDNS0 option to return an URI Template which when accessed provides the reason the DNS query was filtered. The Error Page URI Template is protected with a signature for data origin authentication. It discusses mandatory rules (e.g., DoH and strict privacy profile in DoT) to process the Error page URI EDNS0 option.
Further comments and suggestions are welcome.
Cheers,
-Tiru
---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Wed, 14 Oct 2020 at 11:25
Subject: New Version Notification for draft-reddy-dnsop-error-page-05.txt
To: Tirumaleswar Reddy.K <kond...@gmail.com>, Mohamed Boucadair <mohamed.boucad...@orange.com>, Neil Cook <neil.c...@noware.co.uk>, Dan Wing <dwing-i...@fuggles.com>
A new version of I-D, draft-reddy-dnsop-error-page-05.txt
has been successfully submitted by Tirumaleswar Reddy and posted to the
IETF repository.
Name: draft-reddy-dnsop-error-page
Revision: 05
Title: DNS Access Denied Error page
Document date: 2020-10-13
Group: Individual Submission
Pages: 16
URL: https://www.ietf.org/archive/id/draft-reddy-dnsop-error-page-05.txt
Status: https://datatracker.ietf.org/doc/draft-reddy-dnsop-error-page/
Htmlized: https://datatracker.ietf.org/doc/html/draft-reddy-dnsop-error-page
Htmlized: https://tools.ietf.org/html/draft-reddy-dnsop-error-page-05
Diff: https://www.ietf.org/rfcdiff?url2=draft-reddy-dnsop-error-page-05
Abstract:
When a DNS server filters a query, the response conveys no detailed
explanation of why that query was blocked, leading thus to end-user
confusion. A solution is needed to enhance the user experience.
This document defines a method to return an URI that explains the
reason why a DNS query was filtered.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
OpenPGP_signature
Description: OpenPGP digital signature_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
