On Mon, 23 Feb 2026, Ben Schwartz wrote:
> To be clear: the goals of this draft cannot be met using only a registry of error codes. The goal is to allow a resolver to inform the user about the particular legal action (e.g. a particular lawsuit, warrant, cease-and-desist letter, sanctions obligation, etc.) that caused the resolver to refuse a particular query.

It seemed to me the goal was for a resolver to use a browser-vetted hardcoded list of blocking providers, who are not necessarily the DNS service providers? Where my point is that a QNAME is already a unique identifier to use with the browser's built-in trusted reporter sites. As the DNS resolver response cannot be trusted anyway, and the trust is based on the browser trust for the reporter site, just getting a DNS ENUM error is enough to look up the trusted reporter site with the QNAME submitted.

So I am not sure why a draft is needed? One reason I heard in the past was that the reporter sites (or Lumens at least?) do not support querying by QNAME but only by some internal reference number. But to me that seems odd that a DNS resolver can make the QNAME -> reference number, but a browser could not?

Paul

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
