I agree that RFC 8914 Extended Errors is an improvement and provides some awareness of the reason for blocking, but without knowing the blocking service it is not possible to comply against a block and eventually request a reclassification. I am not suggesting to take whatever text arrives from the DNS provider, but to build a mechanism so that only trusted sources are presented to the user, e.g. using only messages arriving from a DoH server, where the contact is related to the certificate of the DNS server and eventually a registration mechanism is built so that only registered contacts are allowed...
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop