The dnsop-structured-dns-error draft includes mechanisms for providing structured error information that can be used by clients to display user-friendly messages. It deliberately avoids allowing any free-form or arbitrary full-text fields to be shown directly to end users, precisely to mitigate security risks. We believe this strikes the right balance between user experience and security and do not see a need to change the draft in this regard.
Regarding the relationship to draft-nottingham-public-resolver-errors: That draft is explicitly scoped to public resolvers, whereas dnsop-structured-dns-error is designed to support any deployment model, regardless of how they are discovered and configured. While the drafts may share high-level goals of improving DNS error transparency, their target audiences and operational contexts differ. As such, we don’t believe merging the documents is appropriate.

This draft has already been extensively discussed in the DNSOP working group for around 5 years and has evolved based on community input. We believe it is in a stable state and see no need to stall its progress at this stage.

-Tiru

On Mon, 5 May 2025 at 18:20, Eric Vyncke (evyncke) <evyncke= 40cisco....@dmarc.ietf.org> wrote:

> Dear authors and WG,
>
> There have been substantive IETF Last Call comments once extending the review outside of DNSOP. On my own read of the comments, there are two critical ones:
>
> - Are full-text explanations better or worse from UX or security point of view ?
> - Should the draft merge/include/... with draft-nottingham-public-resolver-errors ?
>
> The above comments could cause major changes in the I-D requiring another IETF Last Call. If the authors or DNSOP WG prefer, then the draft can be sent back to the DNSOP WG for more community work.
>
> Regards
>
> -éric
> _______________________________________________
> DNSOP mailing list -- dnsop@ietf.org
> To unsubscribe send an email to dnsop-le...@ietf.org