I realise this is very late, but here is a different proposal that attempts to do what the structured-dns-error draft attempts:
* Keep RFC 8914 behavior as it is and don't interfere with it.
* Introduce EDNS options FILTERING-ORGANIZATION and FILTERING-CONTACT
that are returned when NXDOMAIN/NODATA responses with RFC 8194 EDE
option with INFO-CODE related to filtering/blocking/censoring
conditions are returned.
* Multiple FILTERING-CONTACT EDNS options may be present. It's up to the
client to figure out how to use them.
* If multiple FILTERING-ORGANIZATION EDNS options are present, the
client uses the first one and ignores the rest.
* The client does not send any EDNS option in queries. It does not need
to as this proposal doesn't walk on RFC 8914's coattails.
* The client uses transport security if it wants transport security for
the answer and/or its EDNS options.
* For draft-nottingham-dnsop-censorship-transparency, introduce a
FILTERING-DB EDNS option. One or more options may be present in
responses.
This would be the ideal DNS way of transferring this information in my
opinion. Converting this to a draft should be straightforward and I can
prepare this draft for the WG without author assignment.
Mukund
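
The client-side handling proposed above, as an added example that is not part of the original message or of any draft: it walks the OPT RDATA of a response, keeps the first FILTERING-ORGANIZATION and every FILTERING-CONTACT, and ignores both unless an RFC 8914 EDE option with a filtering INFO-CODE is present. The two option code points, the UTF-8 text encoding and the ignore-without-EDE rule are assumptions; the proposal specifies none of them. The RCODE check (NXDOMAIN/NODATA) is left out.

```python
import struct

EDE = 15                                 # EDNS option code, Extended DNS Error (RFC 8914)
FILTERING_INFO_CODES = {15, 16, 17, 18}  # Blocked, Censored, Filtered, Prohibited
# Hypothetical code points from the local/experimental range; the proposal assigns none.
FILTERING_ORGANIZATION = 65001
FILTERING_CONTACT = 65002

def iter_options(rdata: bytes):
    """Yield (code, data) for each option in OPT RDATA; reject truncated input."""
    pos = 0
    while pos < len(rdata):
        if len(rdata) - pos < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if len(rdata) - pos < length:
            raise ValueError("option length exceeds RDATA")
        yield code, rdata[pos:pos + length]
        pos += length

def filtering_details(rdata: bytes):
    """Return (organization, contacts), or None when no filtering EDE is present."""
    options = list(iter_options(rdata))
    filtered = any(code == EDE and len(data) >= 2
                   and int.from_bytes(data[:2], "big") in FILTERING_INFO_CODES
                   for code, data in options)
    if not filtered:
        return None  # assumed rule: new options mean nothing without a filtering EDE
    organization, contacts = None, []
    for code, data in options:
        text = data.decode("utf-8", errors="replace")  # assumed encoding, untrusted text
        if code == FILTERING_ORGANIZATION and organization is None:
            organization = text      # first one wins, the rest are ignored
        elif code == FILTERING_CONTACT:
            contacts.append(text)    # all are kept, in wire order
    return organization, contacts

def opt(code: int, data: bytes) -> bytes:
    """Encode one EDNS option; used only to build the constructed sample."""
    return struct.pack("!HH", code, len(data)) + data

# Constructed sample: EDE 17 (Filtered), two organizations, two contacts.
SAMPLE = (opt(EDE, b"\x00\x11" + b"policy")
          + opt(FILTERING_ORGANIZATION, b"Example Filtering Org")
          + opt(FILTERING_CONTACT, b"mailto:abuse@example.net")
          + opt(FILTERING_ORGANIZATION, b"Second Org")
          + opt(FILTERING_CONTACT, b"https://example.net/report"))
```

The returned strings come from the resolver and are untrusted input: without transport security they can be altered on path, so a client should treat them as display-only text.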
