Hello DNSOP, as yesterday there was not enough time to discuss the "Structured Error Data for Filtered DNS" drafts in the room, I am sharing my comments here.
I defer the determination on next steps to the authors of both drafts and I have nothing against a merge (technically it does not seem hard). However, the work on draft-structured-dns-error started five years ago, and if we include the pre-adoption drafts, we are now at the 31st revision of the document. So I am afraid of restarting another work cycle that might or might not ever come to consensus and would like to be reassured on this. I understand that no one (except regulators) can force browsers to do something that they do not want to do. Also, I understand their desire to have even a weak form of authentication of error message origins, as a factor in their decision on whether to pass them on to the user in some form. At the same time, for this authentication to deserve standardization, it must be conceived in a way that can reasonably lead to the display of messages by any filtering resolver that has a significant number of users, including those by ISPs - and that's in the range of the tens of thousands at least. I would expect some explicit commitment to this design objective before adopting draft-nottingham. I really find the insistence on the word "censorship" unhelpful. At least in my culture, it is a morally loaded word with a negative attachment which is out of place both in a technical discussion and as a tag for vendors that are just trying to provide malware blocking and parental controls, according to market demands and applicable regulation. It is fine if we want to include policy considerations against the misuse of the protocol for political censorship, but it is IMHO inappropriate to brand the entire mechanism as if censorship was its only or main use case. Thank you for the opportunity to speak. -- Vittorio Bertola | Head of Policy & Innovation, Open-Xchange [email protected] Office @ Via Treviso 12, 10144 Torino, Italy _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
