Interesting proposal.

"Allowing DNS resolvers to inject user-visible messages brings unique challenges. Because DNS resolvers are often automatically configured by unknown networks and DNS responses are unauthenticated, these messages can come from untrusted parties -- including attackers (e.g., the so-called "coffee shop" attack) that leverage many users' lack of a nuanced model of the trust relationships between all of the parties that are involved in the service they are using."

Can DNSSEC help a bit here?

On Sat, 22 Feb 2025 at 05:42, Mark Nottingham <[email protected]> wrote:
>
> Hi DNS folk,
>
> See draft below for an update based upon feedback received. Note that the
> short name of the draft isn't really accurate any more, since some of the
> feedback was that this could/should be potentially applicable to other
> resolvers too.
>
> Happy to chat with folks about this in Bangkok, either in the hallways or the
> session if the chairs agree. Note that I have a conflict on Thursday (I'm
> chairing AIPREF at the same time).
>
> Cheers,
>
>
> Begin forwarded message:
>
> From: [email protected]
> Subject: New Version Notification for draft-nottingham-public-resolver-errors-01.txt
> Date: 22 February 2025 at 12:37:58 pm AEDT
> To: "Mark Nottingham" <[email protected]>
>
> A new version of Internet-Draft draft-nottingham-public-resolver-errors-01.txt
> has been successfully submitted by Mark Nottingham and posted to the
> IETF repository.
>
> Name: draft-nottingham-public-resolver-errors
> Revision: 01
> Title: DNS Filtering Details for Applications
> Date: 2025-02-22
> Group: Individual Submission
> Pages: 7
> URL: https://www.ietf.org/archive/id/draft-nottingham-public-resolver-errors-01.txt
> Status: https://datatracker.ietf.org/doc/draft-nottingham-public-resolver-errors/
> HTML: https://www.ietf.org/archive/id/draft-nottingham-public-resolver-errors-01.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-nottingham-public-resolver-errors
> Diff: https://author-tools.ietf.org/iddiff?url2=draft-nottingham-public-resolver-errors-01
>
> Abstract:
>
> [I-D.ietf-dnsop-structured-dns-error] introduces structured error
> data for DNS responses that have been filtered. This draft suggests
> additions to that mechanism that enable applications to convey the
> details of some filtering incidents to their users.
>
> Discussion Venues
>
> This note is to be removed before publishing as an RFC.
>
> Source for this draft and an issue tracker can be found at
> https://github.com/mnot/public-resolver-errors.
>
>
>
> The IETF Secretariat
>
>
>
> --
> Mark Nottingham https://www.mnot.net/
>
> _______________________________________________
> DNSOP mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
