We incorporated a few suggestions during WG adoption into the WG's -00 version, 
notably:

- we listed citations for the sub-error codes Malware [RFC5901], Phishing 
[RFC5901], Spam [RFC4949], and Spyware [RFC4949]
- split the sub-error code for local policy into two separate sub-error codes 
to allow better differentiation.  So it now has DNS operator policy (e.g., the 
DNS operator imposed certain filtering of their own accord) and network 
operator policy (e.g., the operator of the network requested the filtering)
- document now requires newly-defined Sub-Errors to cite an IETF-approved 
document 
- as a result of the above change, we removed the sub-error "Abuse" as it 
didn't have an IETF-approved citation
- added text to better explain changes to RFC8914
- now require DNS servers never return "Forged Answer" Extended DNS Error (or a 
forged DNS answer) if the query indicated the client supports Extended DNS 
Error (EDE), because doing so prevents returning the RFC8914 Extended DNS Error 
that better explains the filtering.
- allow "j" and "o" fields to contain UTF-8.
- provide an explanation for handling language of the error. Negotiating the 
user's preferred language is another approach suggested by BCP18/RFC2277 but 
harms client privacy. The WG probably wants to consider the approach in the 
document more deeply.  This complication is shared with RFC8914's EXTRA-TEXT 
but RFC8914 was silent on EXTRA-TEXT's language.

The document is maintained at 
https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-structured-dns-error

side-by-side diff: 
https://author-tools.ietf.org/iddiff?url1=https://www.ietf.org/archive/id/draft-wing-dnsop-structured-dns-error-page-05.txt&url2=https://www.ietf.org/archive/id/draft-ietf-dnsop-structured-dns-error-00.txt

-d


> On Feb 13, 2023, at 10:31 PM, internet-dra...@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the Domain Name System Operations WG of the IETF.
> 
>        Title           : Structured Error Data for Filtered DNS
>        Authors         : Dan Wing
>                          Tirumaleswar Reddy
>                          Neil Cook
>                          Mohamed Boucadair
>        Filename        : draft-ietf-dnsop-structured-dns-error-00.txt
>        Pages           : 19
>        Date            : 2023-02-13
> 
> Abstract:
>   DNS filtering is widely deployed for network security, but filtered
>   DNS responses lack information for the end user to understand the
>   reason for the filtering.  Existing mechanisms to provide detail to
>   end users cause harm especially if the blocked DNS response is to an
>   HTTPS website.
> 
>   This document updates RFC 8914 by structuring the EXTRA-TEXT field of
>   the Extended DNS Error to provide details on the DNS filtering.  Such
>   details can be parsed by the client and displayed, logged, or used
>   for other purposes.  Other than that, this document does not change
>   anything written in RFC 8914.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-structured-dns-error/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-dnsop-structured-dns-error-00.html
> 
> 
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
> 
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
