The authors took a stab at text explaining mitigations which seem to have not
met the WG's needs.
Removing HTTP would allow the document to move forward. If someone finds a
suitable way to weaken (or even prevent) malicious use of http in the Contact
field by the DoH/DoT operator (with an
Internet-Draft is a work item of the Domain Name System
> Operations (DNSOP) WG of the IETF.
>
> Title : Structured Error Data for Filtered DNS
> Authors : Dan Wing
> Tirumaleswar Reddy
> Neil Cook
>
EDE length=2 with INFO-CODE=0 works nicely.
Also because non-EDE-aware DNS responders can be vulnerable to attacks
described in Security Considerations, the Security Considerations section
currently suggests clients use draft-ietf-add-resolver-info to check if server
supports EDE. This needs
Title : Structured Error Data for Filtered DNS
>Authors : Dan Wing
> Tirumaleswar Reddy
> Neil Cook
> Mohamed Boucadair
> Filename: draft-ietf-dnsop-structured-dns-error-00.txt
We updated dnsop-structured-dns-error-page:
* Require using RESINFO [I-D.reddy-add-resolver-info] in client
processing and added discussion of attack mitigation of using
RESINFO.
* Removed validation of URI domain suffix, which we can't do for
some URLs (e.g., tel:), is difficult/impossible for
We recently published -01 of Structured Data for Filtered DNS based on WG
feedback from IETF 111. We also incorporated both motivational and normative
text from draft-reddy-dnsop-error-page. New version at:
https://datatracker.ietf.org/doc/html/draft-wing-dnsop-structured-dns-error-page-01
We just published Structured Data for DNS Access Denied Error Page which
defines computer-parsable error information for DNS filtering:
DNS clients using services which perform filtering may wish to
receive more information about such filtering and the reason for that
filtering. To
On Jan 9, 2020, at 10:22 AM, Vladimír Čunát wrote:
> I see a bigger problem that some of desired assertions are in principle
> unverifiable, e.g. "no logging". Of course, we could (optionally) extend the
> string by a signature, but I suspect that'd increase the length a lot without
>
On 21-Jan-2016 07:39 am, Tim Wicinski wrote:
>
> DNSOP,
>
> Joel our AD sent this note out two weeks ago to get some working group
> consensus on this discussion which came up during the IESG telechat on
> tcp-keepalive
>
> I am in agreement with Joel on this
On Jun 3, 2014, at 10:26 AM, Phillip Hallam-Baker i...@hallambaker.com wrote:
On Tue, May 20, 2014 at 12:06 AM, joel jaeggli joe...@bogus.com wrote:
On 5/19/14, 1:09 PM, John Heidemann wrote:
Folks,
I believe consensus was that dnsop needs a problem statement about DNS
privacy before we
For discussion.
DNS queries and responses are visible to network elements on the path
between the DNS client and its server. These queries and responses
can contain privacy-sensitive information which is valuable to
protect. An active attacker can send bogus responses causing
On Apr 23, 2014, at 7:26 AM, Paul Hoffman paul.hoff...@vpnc.org wrote:
On Apr 23, 2014, at 6:47 AM, Dan Wing d...@danwing.org wrote:
For discussion.
DNS queries and responses are visible to network elements on the path
between the DNS client and its server. These queries and responses
-Original Message-
From: John Jason Brzozowski
[mailto:john_brzozow...@cable.comcast.com]
Sent: Wednesday, March 31, 2010 9:23 PM
To: Dan Wing; Igor Gashinsky
Cc: Andrew Sullivan; dnsop@ietf.org
Subject: Re: [DNSOP] FYI: DNSOPS presentation
On 3/31/10 5:12 PM, Dan Wing dw
On Wed, 31 Mar 2010, Dan Wing wrote:
:: Users running IE6 today are IPv4-only users. If/when they go
:: to IPv6, they will be running Windows 7 and whatever browser
:: is shipped by Microsoft.
Why do you say that? As far as I know, IE6 is an ipv6-capable
browser,
as long as it's
-Original Message-
From: John Jason Brzozowski
[mailto:john_brzozow...@cable.comcast.com]
Sent: Wednesday, March 31, 2010 1:57 PM
To: Igor Gashinsky; Dan Wing
Cc: Andrew Sullivan; dnsop@ietf.org
Subject: Re: [DNSOP] FYI: DNSOPS presentation
On 3/31/10 4:37 PM, Igor Gashinsky i
-Original Message-
From: Igor Gashinsky [mailto:i...@gashinsky.net]
Sent: Wednesday, March 31, 2010 2:19 PM
To: Dan Wing
Cc: dnsop@ietf.org; 'Andrew Sullivan'
Subject: RE: [DNSOP] FYI: DNSOPS presentation
On Wed, 31 Mar 2010, Dan Wing wrote:
:: On Wed, 31 Mar 2010, Dan
:: It seems solvably operationally, by asking ISPs to point their
:: IPv4-only subscribers at an ISP-operated DNS server which
:: purposefully breaks responses (returns empty answer), and
:: to point their dual-stack subscribers at an ISP-operated DNS
:: server which functions
-Original Message-
From: dnsop-boun...@ietf.org [mailto:dnsop-boun...@ietf.org]
On Behalf Of Andrew Sullivan
Sent: Tuesday, July 21, 2009 12:13 PM
To: dnsop@ietf.org
Subject: Re: [DNSOP] Stockholm meeting slot assignment CHANGED
On Tue, Jul 21, 2009 at 02:37:09PM -0400, John
-Original Message-
From: dnsop-boun...@ietf.org [mailto:dnsop-boun...@ietf.org]
On Behalf Of Livingood, Jason
Sent: Thursday, July 09, 2009 8:24 AM
To: dnsop@ietf.org
Subject: [DNSOP] Review of draft-livingood-dns-redirect-00
I submitted this draft, which you can find at
19 matches
Mail list logo