Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS
All The Call for adoption for draft-wing-dnsop-structured-dns-error-page has finished and there was consensus to adopt. Thanks to everyone for speaking up, as it helped the chairs in their decision. Working with the authors uploading a newly named document, etc. thanks tim On Sun, Jan 22, 2023 at 3:36 PM Tim Wicinski wrote: > > All > > The chairs have received feedback for DNSOP to adopt this document, and > I've > wrestled with this document.We have received feedback when presented > to adopt this work. We've also had some conversations with folks who > offer DNS services to enterprises they have had some customer interest. > I will say personally that I am sure I can find some individuals at my > current employer who would get very interested in this also. > So the best thing to do is - see what the Working Group says. > > If you work for someone who is interested in this, please let us know. > If you work for someone who has customers interested in this, please let > us know. > If you plan on implementing this (or not!), please let us know. > > If you feel less comfortable speaking publicly, please reach out to the > chairs. > > > This starts a Call for Adoption for > draft-wing-dnsop-structured-dns-error-page > > The draft is available here: > > https://datatracker.ietf.org/doc/draft-wing-dnsop-structured-dns-error-page/ > Please review this draft to see if you think it is suitable for adoption > by DNSOP, and send any comments to the list, clearly stating your view. > > Please also indicate if you are willing to contribute text, review, etc. > > This call for adoption ends: February 5th, 2023 > > Thanks, > tim wicinski > For DNSOP co-chairs > ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS
On Tue, 24 Jan 2023 at 19:28, Tim Wicinski wrote:
>8
> One thing which concerns me is the updating of RFC8914. RFC8914 has only been
> out a short while, and we're just starting to see deployment out in the world.
It does seem distasteful to pile structured data into a field which
RFC8914 declares to be explanatory text.
The basic idea behind this draft is a good one which could also be
useful in other contexts.
I hope that the authors of RFC8914 might be persuaded to produce an
RFC8914-bis allowing JSON structured data to appear in the EXTRA-TEXT
field. The wire-format remains the same, the structured case being
distinguished by the appearance of a "{" or "[" as the leading
character. The EXTRA-TEXT field should perhaps be renamed EXTRA-INFO
to reflect its more general content.
A quick and dirty modification to perl Net::DNS then produces the following:
;; {"EDNS-VERSION":0,
;;"FLAGS":"",
;;"RCODE":0,
;;"UDPSIZE":0,
;;"OPTIONS":[
;;{ "EXTENDED-ERROR": { "EXTRA-TEXT": { "c": [ "tel:+358-555-1234567",
;;"sips:b...@bobphone.example.com",
;;"https://ticket.example.com?d=example.org=1650560748; ],
;;"j": "malware present for 23 days", "o":
"example.net Filtering Service", "s": 1
;;}, "INFO-CODE": 123 } } ]
;;}
--Dick
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS
(Speaking only for myself) One thing which concerns me is the updating of RFC8914. RFC8914 has only been out a short while, and we're just starting to see deployment out in the world. If adopted, I hope that Much Smarter DNS People(tm) will evaluate these changes. tim On Sun, Jan 22, 2023 at 3:36 PM Tim Wicinski wrote: > > All > > The chairs have received feedback for DNSOP to adopt this document, and > I've > wrestled with this document.We have received feedback when presented > to adopt this work. We've also had some conversations with folks who > offer DNS services to enterprises they have had some customer interest. > I will say personally that I am sure I can find some individuals at my > current employer who would get very interested in this also. > So the best thing to do is - see what the Working Group says. > > If you work for someone who is interested in this, please let us know. > If you work for someone who has customers interested in this, please let > us know. > If you plan on implementing this (or not!), please let us know. > > If you feel less comfortable speaking publicly, please reach out to the > chairs. > > > This starts a Call for Adoption for > draft-wing-dnsop-structured-dns-error-page > > The draft is available here: > > https://datatracker.ietf.org/doc/draft-wing-dnsop-structured-dns-error-page/ > Please review this draft to see if you think it is suitable for adoption > by DNSOP, and send any comments to the list, clearly stating your view. > > Please also indicate if you are willing to contribute text, review, etc. > > This call for adoption ends: February 5th, 2023 > > Thanks, > tim wicinski > For DNSOP co-chairs > ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS
It appears that Tim Wicinski said: >Please also indicate if you are willing to contribute text, review, etc. I think it's worth adopting. My main concern is that it appears to assume that everyone in the world can read English error messages, a problem it shares with RFC 8914. I can think of various ways to fix it, ranging from just document the issue (for things like SOHO routers which already have a way to configure the language for messages), fake it with geolocation and pretend Belgium doesn't exist, or have an optional EDNS0 parameter going the other way to say what languages you prefer. R's, John ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS
I support adoption. I also suggest the authors take a look at two long-ago-expired I-Ds that are related to this subject: https://www.ietf.org/archive/id/draft-livingood-dns-malwareprotect-02.html https://www.ietf.org/archive/id/draft-livingood-dns-redirect-03.html Lastly, to the contents of the current draft, I offer the authors the following: * Section 10: Initial sub-errors. There is too little difference between the various options (e.g., phishing & spam). I suggest instead using more clearly differentiated reasons, such as: 0: Reserved 1: Security Policy 2: Privacy Policy (e.g., ad-blocking) 3: Content Policy (e.g., age-limited content) 4: Network Operator Policy 5: Government Policy * Should any implementer make available a public recursive interface of some type (whether DNS or a web page – does not matter) to allow 3rd party auth domains to check whether their FQDN is filtered? Or just certain types of implementers (e.g., ISPs)? * Is there a mechanism for auth domains to determine why their FQDN was filtered and to request a review? For example, similar to email bulk senders and spam, can they determine what list is responsible for the filter and work with that provider to remediate their practices and get the FQDN re-classified and unfiltered? Thanks Jason From: DNSOP on behalf of Tim Wicinski Date: Sunday, January 22, 2023 at 15:36 To: dnsop Cc: dnsop-chairs Subject: [DNSOP] Call for Adoption: Structured Data for Filtered DNS All The chairs have received feedback for DNSOP to adopt this document, and I've wrestled with this document.We have received feedback when presented to adopt this work. We've also had some conversations with folks who offer DNS services to enterprises they have had some customer interest. I will say personally that I am sure I can find some individuals at my current employer who would get very interested in this also. So the best thing to do is - see what the Working Group says. If you work for someone who is interested in this, please let us know. If you work for someone who has customers interested in this, please let us know. If you plan on implementing this (or not!), please let us know. If you feel less comfortable speaking publicly, please reach out to the chairs. This starts a Call for Adoption for draft-wing-dnsop-structured-dns-error-page The draft is available here: https://datatracker.ietf.org/doc/draft-wing-dnsop-structured-dns-error-page/<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-wing-dnsop-structured-dns-error-page/__;!!CQl3mcHX2A!HKmlmIrovTfkWYeTeuUoE4mf8b4Ps2sX2AYSpFVPs4SNQF0CBU31kJKYYaKf51ZZ0xASDce2ybx1dKMOQM-_RcS-Ug$> Please review this draft to see if you think it is suitable for adoption by DNSOP, and send any comments to the list, clearly stating your view. Please also indicate if you are willing to contribute text, review, etc. This call for adoption ends: February 5th, 2023 Thanks, tim wicinski For DNSOP co-chairs ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS
I would support adoption of this document and will send my feedback as soon as i can. On Mon, 23 Jan 2023 at 00:36, Tim Wicinski wrote: > > > All > > The chairs have received feedback for DNSOP to adopt this document, and I've > wrestled with this document.We have received feedback when presented > to adopt this work. We've also had some conversations with folks who > offer DNS services to enterprises they have had some customer interest. > I will say personally that I am sure I can find some individuals at my > current employer who would get very interested in this also. > So the best thing to do is - see what the Working Group says. > > If you work for someone who is interested in this, please let us know. > If you work for someone who has customers interested in this, please let us > know. > If you plan on implementing this (or not!), please let us know. > > If you feel less comfortable speaking publicly, please reach out to the > chairs. > > > This starts a Call for Adoption for draft-wing-dnsop-structured-dns-error-page > > The draft is available here: > https://datatracker.ietf.org/doc/draft-wing-dnsop-structured-dns-error-page/ > Please review this draft to see if you think it is suitable for adoption > by DNSOP, and send any comments to the list, clearly stating your view. > > Please also indicate if you are willing to contribute text, review, etc. > > This call for adoption ends: February 5th, 2023 > > Thanks, > tim wicinski > For DNSOP co-chairs > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS
On Mon, 23 Jan 2023 at 20:37, Paul Wouters wrote: > On Sun, 22 Jan 2023, Tim Wicinski wrote: > > > Subject: [DNSOP] Call for Adoption: Structured Data for Filtered DNS > > > This starts a Call for Adoption for > draft-wing-dnsop-structured-dns-error-page > > I have no objection to adoption. I say this instead of "yes" to adoption > because: > > A client might choose to display the information in the > EXTRA-TEXT field if and only if the encrypted resolver has > sufficient reputation, according to some local policy (e.g. user > configuration, administrative configuration, or a built-in list > of respectable resolvers). This limits the ability of a malicious > encrypted resolver to cause harm. > > While this limits the risks, it also strongly limits its applicability. > Eg it is mostly useful for wireless carriers and not at all for wifi > hotspots. > In the case of WiFi hotspots , the free-form text of "c" and "o" is not displayed. However, the client can display the resolver hostname that blocked the domain, error description for the EDE code and the suberror description for the "s'" field to the end-user. -Tiru > > I do have a number of other issues with the draft, but those can be > discussed > after adoption. > > Paul > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS
Hello, I support adoption of this draft. Adding more structured information will help clients provide more useful experiences when they encounter blocked/filtered error codes. Best, Tommy > On Jan 22, 2023, at 12:36 PM, Tim Wicinski wrote: > > > All > > The chairs have received feedback for DNSOP to adopt this document, and I've > wrestled with this document.We have received feedback when presented > to adopt this work. We've also had some conversations with folks who > offer DNS services to enterprises they have had some customer interest. > I will say personally that I am sure I can find some individuals at my > current employer who would get very interested in this also. > So the best thing to do is - see what the Working Group says. > > If you work for someone who is interested in this, please let us know. > If you work for someone who has customers interested in this, please let us > know. > If you plan on implementing this (or not!), please let us know. > > If you feel less comfortable speaking publicly, please reach out to the > chairs. > > > This starts a Call for Adoption for draft-wing-dnsop-structured-dns-error-page > > The draft is available here: > https://datatracker.ietf.org/doc/draft-wing-dnsop-structured-dns-error-page/ > Please review this draft to see if you think it is suitable for adoption > by DNSOP, and send any comments to the list, clearly stating your view. > > Please also indicate if you are willing to contribute text, review, etc. > > This call for adoption ends: February 5th, 2023 > > Thanks, > tim wicinski > For DNSOP co-chairs > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS
Hi all, I support this work, as an author. FWIW, I don’t have any IPR related to this document. Cheers, Med De : DNSOP De la part de Tim Wicinski Envoyé : dimanche 22 janvier 2023 21:36 À : dnsop Cc : dnsop-chairs Objet : [DNSOP] Call for Adoption: Structured Data for Filtered DNS All The chairs have received feedback for DNSOP to adopt this document, and I've wrestled with this document.We have received feedback when presented to adopt this work. We've also had some conversations with folks who offer DNS services to enterprises they have had some customer interest. I will say personally that I am sure I can find some individuals at my current employer who would get very interested in this also. So the best thing to do is - see what the Working Group says. If you work for someone who is interested in this, please let us know. If you work for someone who has customers interested in this, please let us know. If you plan on implementing this (or not!), please let us know. If you feel less comfortable speaking publicly, please reach out to the chairs. This starts a Call for Adoption for draft-wing-dnsop-structured-dns-error-page The draft is available here: https://datatracker.ietf.org/doc/draft-wing-dnsop-structured-dns-error-page/ Please review this draft to see if you think it is suitable for adoption by DNSOP, and send any comments to the list, clearly stating your view. Please also indicate if you are willing to contribute text, review, etc. This call for adoption ends: February 5th, 2023 Thanks, tim wicinski For DNSOP co-chairs _ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS
On Sun, 22 Jan 2023, Tim Wicinski wrote: Subject: [DNSOP] Call for Adoption: Structured Data for Filtered DNS This starts a Call for Adoption for draft-wing-dnsop-structured-dns-error-page I have no objection to adoption. I say this instead of "yes" to adoption because: A client might choose to display the information in the EXTRA-TEXT field if and only if the encrypted resolver has sufficient reputation, according to some local policy (e.g. user configuration, administrative configuration, or a built-in list of respectable resolvers). This limits the ability of a malicious encrypted resolver to cause harm. While this limits the risks, it also strongly limits its applicability. Eg it is mostly useful for wireless carriers and not at all for wifi hotspots. I do have a number of other issues with the draft, but those can be discussed after adoption. Paul ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS
> Il 22/01/2023 21:36 CET Tim Wicinski ha scritto: > > If you work for someone who is interested in this, please let us know. > If you work for someone who has customers interested in this, please let us > know. > If you plan on implementing this (or not!), please let us know. > We definitely plan to implement this in the PowerDNS platform once it's done. -- Vittorio Bertola | Head of Policy & Innovation, Open-Xchange vittorio.bert...@open-xchange.com mailto:vittorio.bert...@open-xchange.com Office @ Via Treviso 12, 10144 Torino, Italy ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS
I am in favour of adoption, Neil > On 22 Jan 2023, at 20:36, Tim Wicinski wrote: > > > All > > The chairs have received feedback for DNSOP to adopt this document, and I've > wrestled with this document.We have received feedback when presented > to adopt this work. We've also had some conversations with folks who > offer DNS services to enterprises they have had some customer interest. > I will say personally that I am sure I can find some individuals at my > current employer who would get very interested in this also. > So the best thing to do is - see what the Working Group says. > > If you work for someone who is interested in this, please let us know. > If you work for someone who has customers interested in this, please let us > know. > If you plan on implementing this (or not!), please let us know. > > If you feel less comfortable speaking publicly, please reach out to the > chairs. > > > This starts a Call for Adoption for draft-wing-dnsop-structured-dns-error-page > > The draft is available here: > https://datatracker.ietf.org/doc/draft-wing-dnsop-structured-dns-error-page/ > Please review this draft to see if you think it is suitable for adoption > by DNSOP, and send any comments to the list, clearly stating your view. > > Please also indicate if you are willing to contribute text, review, etc. > > This call for adoption ends: February 5th, 2023 > > Thanks, > tim wicinski > For DNSOP co-chairs ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS
Moin! I support adoption of that draft. Akamai already has an implementation of it that we will be releasing to customers shortly. We’ve also seen interest from customers implementing this. So long -Ralf On 22 Jan 2023, at 21:36, Tim Wicinski wrote: > All > > The chairs have received feedback for DNSOP to adopt this document, and > I've > wrestled with this document.We have received feedback when presented > to adopt this work. We've also had some conversations with folks who > offer DNS services to enterprises they have had some customer interest. > I will say personally that I am sure I can find some individuals at my > current employer who would get very interested in this also. > So the best thing to do is - see what the Working Group says. > > If you work for someone who is interested in this, please let us know. > If you work for someone who has customers interested in this, please let us > know. > If you plan on implementing this (or not!), please let us know. > > If you feel less comfortable speaking publicly, please reach out to the > chairs. > > > This starts a Call for Adoption for > draft-wing-dnsop-structured-dns-error-page > > The draft is available here: > https://datatracker.ietf.org/doc/draft-wing-dnsop-structured-dns-error-page/ > Please review this draft to see if you think it is suitable for adoption > by DNSOP, and send any comments to the list, clearly stating your view. > > Please also indicate if you are willing to contribute text, review, etc. > > This call for adoption ends: February 5th, 2023 > > Thanks, > tim wicinski > For DNSOP co-chairs > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop --- Ralf Weber Principal Architect, Carrier Division Akamai Technologies GmbH Parkring 20-22, 85748 Garching phone: +49.89.9400.6174 mobile: +49.151.22659325 Geschäftsführer: David Matthew McDonald Aitken, Justyna Kalina Jankowska Sitz der Gesellschaft: Garching Amtsgericht München HRB 129886 ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS
I am in favor of adoption. If this is standardized, Quad9 would certainly implement it. -Bill > On Jan 22, 2023, at 9:36 PM, Tim Wicinski wrote: > > > > All > > The chairs have received feedback for DNSOP to adopt this document, and I've > wrestled with this document.We have received feedback when presented > to adopt this work. We've also had some conversations with folks who > offer DNS services to enterprises they have had some customer interest. > I will say personally that I am sure I can find some individuals at my > current employer who would get very interested in this also. > So the best thing to do is - see what the Working Group says. > > If you work for someone who is interested in this, please let us know. > If you work for someone who has customers interested in this, please let us > know. > If you plan on implementing this (or not!), please let us know. > > If you feel less comfortable speaking publicly, please reach out to the > chairs. > > > This starts a Call for Adoption for draft-wing-dnsop-structured-dns-error-page > > The draft is available here: > https://datatracker.ietf.org/doc/draft-wing-dnsop-structured-dns-error-page/ > Please review this draft to see if you think it is suitable for adoption > by DNSOP, and send any comments to the list, clearly stating your view. > > Please also indicate if you are willing to contribute text, review, etc. > > This call for adoption ends: February 5th, 2023 > > Thanks, > tim wicinski > For DNSOP co-chairs > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
[DNSOP] Call for Adoption: Structured Data for Filtered DNS
All The chairs have received feedback for DNSOP to adopt this document, and I've wrestled with this document.We have received feedback when presented to adopt this work. We've also had some conversations with folks who offer DNS services to enterprises they have had some customer interest. I will say personally that I am sure I can find some individuals at my current employer who would get very interested in this also. So the best thing to do is - see what the Working Group says. If you work for someone who is interested in this, please let us know. If you work for someone who has customers interested in this, please let us know. If you plan on implementing this (or not!), please let us know. If you feel less comfortable speaking publicly, please reach out to the chairs. This starts a Call for Adoption for draft-wing-dnsop-structured-dns-error-page The draft is available here: https://datatracker.ietf.org/doc/draft-wing-dnsop-structured-dns-error-page/ Please review this draft to see if you think it is suitable for adoption by DNSOP, and send any comments to the list, clearly stating your view. Please also indicate if you are willing to contribute text, review, etc. This call for adoption ends: February 5th, 2023 Thanks, tim wicinski For DNSOP co-chairs ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
