Hi Vittorio,

> On 26 Feb 2025, at 12:43 am, Vittorio Bertola
> <vittorio.bertola=40open-xchange....@dmarc.ietf.org> wrote:
>
>> On 22/02/2025 01:40 WET Mark Nottingham <mnot=40mnot....@dmarc.ietf.org>
>> wrote:
>>
>> Hi DNS folk,
>>
>> See draft below for an update based upon feedback received. Note that the
>> short name of the draft isn't really accurate any more, since some of the
>> feedback was that this could/should be potentially applicable to other
>> resolvers too.
>
> Was there any consideration of the potential workload that this model would
> put on IANA? If each resolver of the planet (or even just each resolver run
> by an entity that provides Internet connectivity services to end-users) had
> to register and get a resolver ID, the registry could become quite sizeable -
> but perhaps this would not be an issue.

The intent is not to scale to that degree -- indeed, that would be considered
a failure, because it would indicate widespread censorship on the Internet.
Instead, it's to selectively surface legally mandated censorship when it
impacts 'large' services (such as public resolvers) to raise user awareness
and reduce confusion.

> In general, I am not too convinced by this proposal. Authenticating these
> error messages a little better through the registry + URI (domain name)
> control mechanism could be a positive thing, but only if it does not
> contribute to the gatekeeping of user communication by the browsers. In fact,
> at the end of section 1 the draft states clearly that the mechanism will
> allow web browsers to decide which resolver operators (ISPs etc) will be
> allowed to show explanatory messages to end-users when enacting filters, and
> this is yet another centralization of control into the browser oligopoly. I
> see the potential risk in enabling any resolver to show arbitrary messages to
> users, but possibly the browsers should focus on controlling what kind of
> message is presented to the users, rather than who is sending it.

If you have a means of doing so without increasing the risk of arbitrary
censorship that *isn't* legally mandated, I'm very receptive. From my
standpoint, it's necessary to have some party making a judgement call about
who is using this mechanism responsibly, and while I share your discomfort
with concentration of power, browser vendors are well placed for this,
experienced in making such calls, already in place, and seemingly distant from
any significant conflict of interest (at least as far as I can see).

Cheers,

--
Mark Nottingham https://www.mnot.net/

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org