Re: [DNSOP] I-D Action: draft-ietf-dnsop-structured-dns-error-06.txt

2023-10-20 Thread Dan Wing
The authors took a stab at text explaining mitigations which seem to have not met the WG's needs. Removing HTTP would allow the document to move forward. If someone finds a suitable way to weaken (or even prevent) malicious use of http in the Contact field by the DoH/DoT operator (with an

[DNSOP] structured-dns-error-03 and EDE-unaware poisoning attack

2023-05-28 Thread Dan Wing
Internet-Draft is a work item of the Domain Name System > Operations (DNSOP) WG of the IETF. > > Title : Structured Error Data for Filtered DNS > Authors : Dan Wing > Tirumaleswar Reddy > Neil Cook >

Re: [DNSOP] Incompatibility with indicating client support for EDE (draft-ietf-dnsop-structured-dns-error)

2023-05-23 Thread Dan Wing
EDE length=2 with INFO-CODE=0 works nicely. Also because non-EDE-aware DNS responders can be vulnerable to attacks described in Security Considerations, the Security Considerations section currently suggests clients use draft-ietf-add-resolver-info to check if server supports EDE. This needs

Re: [DNSOP] I-D Action: draft-ietf-dnsop-structured-dns-error-00.txt

2023-02-14 Thread Dan Wing
Title : Structured Error Data for Filtered DNS >Authors : Dan Wing > Tirumaleswar Reddy > Neil Cook > Mohamed Boucadair > Filename: draft-ietf-dnsop-structured-dns-error-00.txt

[DNSOP] Structured Data update (draft-wing-dnsop-structured-dns-error-page-03)

2022-04-28 Thread Dan Wing
We updated dnsop-structured-dns-error-page: * Require using RESINFO [I-D.reddy-add-resolver-info] in client processing and added discussion of attack mitigation of using RESINFO. * Removed validation of URI domain suffix, which we can't do for some URLs (e.g., tel:), is difficult/impossible for

[DNSOP] updated to draft-wing-dnsop-structured-dns-error-page-01

2021-10-14 Thread Dan Wing
We recently published -01 of Structured Data for Filtered DNS based on WG feedback from IETF 111. We also incorporated both motivational and normative text from draft-reddy-dnsop-error-page. New version at: https://datatracker.ietf.org/doc/html/draft-wing-dnsop-structured-dns-error-page-01

[DNSOP] Structured Data for DNS Access Denied Error Page

2021-07-09 Thread Dan Wing
We just published Structured Data for DNS Access Denied Error Page which defines computer-parsable error information for DNS filtering: DNS clients using services which perform filtering may wish to receive more information about such filtering and the reason for that filtering. To

Re: [DNSOP] [dns-privacy] DNS stamps

2020-01-10 Thread Dan Wing
On Jan 9, 2020, at 10:22 AM, Vladimír Čunát wrote: > I see a bigger problem that some of desired assertions are in principle > unverifiable, e.g. "no logging". Of course, we could (optionally) extend the > string by a signature, but I suspect that'd increase the length a lot without >

Re: [DNSOP] draft-ietf-dnsop-edns-tcp-keepalive-05

2016-01-25 Thread Dan Wing
On 21-Jan-2016 07:39 am, Tim Wicinski wrote: > > DNSOP, > > Joel our AD sent this note out two weeks ago to get some working group > consensus on this discussion which came up during the IESG telechat on > tcp-keepalive > > I am in agreement with Joel on this

Re: [DNSOP] [perpass] draft-bortzmeyer-dnsop-dns-privacy (was: DNS privacy : now at least two drafts)

2014-06-06 Thread Dan Wing
On Jun 3, 2014, at 10:26 AM, Phillip Hallam-Baker i...@hallambaker.com wrote: On Tue, May 20, 2014 at 12:06 AM, joel jaeggli joe...@bogus.com wrote: On 5/19/14, 1:09 PM, John Heidemann wrote: Folks, I believe consensus was that dnsop needs a problem statement about DNS privacy before we

[DNSOP] DNS over DTLS (DNSoD)

2014-04-23 Thread Dan Wing
For discussion. DNS queries and responses are visible to network elements on the path between the DNS client and its server. These queries and responses can contain privacy-sensitive information which is valuable to protect. An active attacker can send bogus responses causing

Re: [DNSOP] DNS over DTLS (DNSoD)

2014-04-23 Thread Dan Wing
On Apr 23, 2014, at 7:26 AM, Paul Hoffman paul.hoff...@vpnc.org wrote: On Apr 23, 2014, at 6:47 AM, Dan Wing d...@danwing.org wrote: For discussion. DNS queries and responses are visible to network elements on the path between the DNS client and its server. These queries and responses

Re: [DNSOP] FYI: DNSOPS presentation

2010-04-01 Thread Dan Wing
-Original Message- From: John Jason Brzozowski [mailto:john_brzozow...@cable.comcast.com] Sent: Wednesday, March 31, 2010 9:23 PM To: Dan Wing; Igor Gashinsky Cc: Andrew Sullivan; dnsop@ietf.org Subject: Re: [DNSOP] FYI: DNSOPS presentation On 3/31/10 5:12 PM, Dan Wing dw

Re: [DNSOP] FYI: DNSOPS presentation

2010-03-31 Thread Dan Wing
On Wed, 31 Mar 2010, Dan Wing wrote: :: Users running IE6 today are IPv4-only users. If/when they go :: to IPv6, they will be running Windows 7 and whatever browser :: is shipped by Microsoft. Why do you say that? As far as I know, IE6 is an ipv6-capable browser, as long as it's

Re: [DNSOP] FYI: DNSOPS presentation

2010-03-31 Thread Dan Wing
-Original Message- From: John Jason Brzozowski [mailto:john_brzozow...@cable.comcast.com] Sent: Wednesday, March 31, 2010 1:57 PM To: Igor Gashinsky; Dan Wing Cc: Andrew Sullivan; dnsop@ietf.org Subject: Re: [DNSOP] FYI: DNSOPS presentation On 3/31/10 4:37 PM, Igor Gashinsky i

Re: [DNSOP] FYI: DNSOPS presentation

2010-03-31 Thread Dan Wing
-Original Message- From: Igor Gashinsky [mailto:i...@gashinsky.net] Sent: Wednesday, March 31, 2010 2:19 PM To: Dan Wing Cc: dnsop@ietf.org; 'Andrew Sullivan' Subject: RE: [DNSOP] FYI: DNSOPS presentation On Wed, 31 Mar 2010, Dan Wing wrote: :: On Wed, 31 Mar 2010, Dan

Re: [DNSOP] FYI: DNSOPS presentation

2010-03-31 Thread Dan Wing
:: It seems solvable operationally, by asking ISPs to point their :: IPv4-only subscribers at an ISP-operated DNS server which :: purposefully breaks responses (returns empty answer), and :: to point their dual-stack subscribers at an ISP-operated DNS :: server which functions

Re: [DNSOP] Stockholm meeting slot assignment CHANGED

2009-07-22 Thread Dan Wing
-Original Message- From: dnsop-boun...@ietf.org [mailto:dnsop-boun...@ietf.org] On Behalf Of Andrew Sullivan Sent: Tuesday, July 21, 2009 12:13 PM To: dnsop@ietf.org Subject: Re: [DNSOP] Stockholm meeting slot assignment CHANGED On Tue, Jul 21, 2009 at 02:37:09PM -0400, John

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-12 Thread Dan Wing
-Original Message- From: dnsop-boun...@ietf.org [mailto:dnsop-boun...@ietf.org] On Behalf Of Livingood, Jason Sent: Thursday, July 09, 2009 8:24 AM To: dnsop@ietf.org Subject: [DNSOP] Review of draft-livingood-dns-redirect-00 I submitted this draft, which you can find at