Hi, Given there are several reasons for a domain to be blocked (mandatory reasons in case of court orders, CSAM filtering, customer requested reasons in case a customer opt in to a protective DNS service), today the customer is facing a disorienting user experience, as either if the response is NXDOMAIN or a forged response he is not aware of the real blocking reason and cannot
1. Be aware that the resource he was trying to access is illegal 2. Be aware of the risk of accessing phishing / malware 3. In case he's a child under parental controls 4. In case the blocked resource is a false positive he cannot ask the service owner to recategorize So I think that after many years of ugly user experience in those situation this proposal is fresh air , so I'm fully supportive for this to be published. I'm also supportive about the language tag. While a real blocking page (as we implemented in our PoC) would improve even more the UX, I understand the security concerns so hopefully a solution that uses registered content could be defined later. Thank you Gianpaolo C2 General
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
