Hi, I’m following up on this draft after some hallway discussion. What I’ve been hearing from the audience was that people feel this draft should not be adopted by the WG.
That said, it doesn’t mean this work doesn’t belong to IETF. There is a clear distinction between working groups and IETF at large. If there’s enough interest in pursuing this topic among vendors, ISPs, countries and other interested parties, there’s a process of chartering a new WG where the work could continue. Neither dnsop WG nor dnsop WG chairs are gatekeepers of any work just because it mentions DNS somewhere in the document. Thanks, Ondrej > On 24. 2. 2026, at 10:35, 刘明烜 <[email protected]> > wrote: > > Dear DNSOP Working Group, > > We would like to inform the working group that we have submitted an updated > version of our draft, Considerations for Protective DNS Server Operators. > > In this revision, we primarily updated the section on blocklist selection, > refining the discussion and clarifying the associated considerations for > operators. > > We welcome feedback and comments from the working group. > > Best regards, > Mingxuan Liu > [email protected] > > >> -----原始邮件----- >> 发件人: [email protected] >> 发送时间:2026-01-23 07:58:54 (星期五) >> 收件人: "Baojun Liu" <[email protected]>, "Chaoyi Lu" <[email protected]>, >> "Haixin Duan" <[email protected]>, "Mingxuan Liu" <[email protected]> >> 主题: New Version Notification for draft-liu-dnsop-protective-dns-02.txt >> >> A new version of Internet-Draft draft-liu-dnsop-protective-dns-02.txt has >> been >> successfully submitted by Mingxuan Liu and posted to the >> IETF repository. >> >> Name: draft-liu-dnsop-protective-dns >> Revision: 02 >> Title: Considerations for Protective DNS Server Operators >> Date: 2026-01-21 >> Group: Individual Submission >> Pages: 22 >> URL: >> https://www.ietf.org/archive/id/draft-liu-dnsop-protective-dns-02.txt >> Status: https://datatracker.ietf.org/doc/draft-liu-dnsop-protective-dns/ >> HTML: >> https://www.ietf.org/archive/id/draft-liu-dnsop-protective-dns-02.html >> HTMLized: >> https://datatracker.ietf.org/doc/html/draft-liu-dnsop-protective-dns >> Diff: >> https://author-tools.ietf.org/iddiff?url2=draft-liu-dnsop-protective-dns-02 >> >> Abstract: >> >> Protective DNS is a defense mechanism deployed on recursive resolvers >> to prevent users from accessing malicious domains. For domain names >> in the blocklist, it rewrites DNS resolution responses to point to >> secure destinations (e.g., safe servers) to prevent users from >> accessing malicious entities. >> >> Owing to its effective defenses against common cyber attack >> behaviors—such as command-and-control (C2) communications of >> malware—Protective DNS deployment has surged via various initiatives. >> Not only have renowned DNS service providers adopted this defense, >> but some countries have also launched national-scale deployments. >> Meanwhile, studies analyzing Protective DNS have identified >> implementation diversity. >> >> Thus, this document aims to provide specific operational and security >> considerations for Protective DNS. It is intended primarily for >> entities seeking to deploy Protective DNS for defensive purposes, >> offering deployment and security considerations. >> >> >> >> The IETF Secretariat >> > _______________________________________________ > DNSOP mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
