> On Oct 19, 2023, at 12:44 PM, Warren Kumari <war...@kumari.net> wrote:
>
> I still don't understand why (other than marketing/advertising) this is
> needed — the EDE "4.18. Extended DNS Error Code 17 - Filtered" ("The server
> is unable to respond to the request because the domain is on a blocklist as
> requested by the client. Functionally, this amounts to "you requested that we
> filter domains like this one.") seems to cover it.
>
> If browsers are willing to do anything with the EDE codes (like "ERROR: Your
> DNS filtering provider says you shouldn't go here") what additional
> **important** information needs to be communicated? And if browsers are not
> willing to do anything with just EDE codes, it sure doesn't seem like they
> would want to do that **and** follow an unauthenticated URL…
Safari is now displaying the EDE-code based information! So we are willing to
show that.
The case that might still be interesting is providing the user some (hopefully
safe) way to contact the blocker to dispute why this is being blocked — so a
way to send an email to an administrator, but not something else. Showing
advertising or marketing or any arbitrary page is not something I think would
fly.
Tommy
>
> Anything more simply adds complexity and security risks, and entails privacy
> concerns for the user too…
>
> W
>
>
> On Thu, Oct 19, 2023 at 4:05 AM, Vodafone Gianpaolo Angelo Scalone
> <Gianpaolo-Angelo.Scalone=40vodafone....@dmarc.ietf.org
> <mailto:Gianpaolo-Angelo.Scalone=40vodafone....@dmarc.ietf.org>> wrote:
>> Hi,
>>
>> I think that we have now 2 good potential compromises:
>>
>> A browser interstitial page explaining that the following page is generated
>> by the service that blocked the actual page, with a button indicating
>> “proceed to the blocking page” and another “dismiss”
>> A graphical representation of the blocking page, rendered as image with no
>> clickable links, with a button indicating “proceed to the blocking page” and
>> another “dismiss”
>>
>> This would be understandable by customers and provide a good user experience
>> and security.
>>
>> In addition we could start thinking about a reputation mechanism.
>>
>>
>> Kind regards
>>
>>
>> Gianpaolo
>>
>>
>> C2 General
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org <mailto:DNSOP@ietf.org>
>> https://www.ietf.org/mailman/listinfo/dnsop
>>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
