On Fri, 9 May 2025 at 06:19, David Adrian <davad...@umich.edu> wrote:
> Hi all,
>
> > More generally, I think we should hear from some client vendors
> > (browsers or otherwise) about what they want here, prior to
> > standardizing anything in this space.
>
> Apologies for the delay in responding from the perspective of a browser
> vendor (Chrome)
>
> The use case we would like to see in Chrome is to basically duplicate what
> is done on the search results page for DMCA, but for DNS resolution errors
> caused by legal blocking. I don't have images on hand, but on an, e.g.,
> Google search results page where some results have been removed due to
> DMCA, it says at the bottom something along the lines of "Some search
> results have been removed due to a DMCA request. See more information at
> the request at Lumen Database [link-to-lumen]".
>
> The link to Lumen is roughly of the form
> https://lumendatabase.org/notices/$id, e.g.
> https://lumendatabase.org/notices/51783697.
>
> We would like to duplicate this on the NXDOMAIN error page in the browser,
> for EDE's of BLOCKED or CENSORED. Lumen Database already has information
> about legal requests that block the resolution of certain names in certain
> regions, and graciously allows us to link to them. The current plan is to
> use Mark Nottingham's Public Resolver Errors draft to do so. We see the
> preregistration of link URLs to resolver names as a way to mitigate the
> risk of allowing arbitrary attacker controlled user-facing messages on
> error pages.
>
> We don't have any real stake in any specific approach, other than:
> - We want to render a link
> - We do not want to be able to render arbitrary links
> - We do not want to render arbitrary attacker-controlled strings in
>   otherwise trusted UI.

Thank you for sharing the Chrome use case. If you go through the draft
https://www.ietf.org/archive/id/draft-ietf-dnsop-structured-dns-error-15.txt,
you'll see that it is already aligned with this threat model.

The safeguards you mentioned, such as restricting arbitrary user-facing
content, are consistent with the design and security considerations in the
draft.

-Tiru

> -dadrian
>
> On Thu, May 8, 2025 at 7:51 AM S Moonesamy <sm+i...@elandsys.com> wrote:
>
>> Hi Eric,
>>
>> I made a mistake when I typed the URL. The correct one is
>> http://r.elandsys.com/r/57132 Sorry about that.
>>
>> Regards,
>> S. Moonesamy
>>
>> _______________________________________________
>> DNSOP mailing list -- dnsop@ietf.org
>> To unsubscribe send an email to dnsop-le...@ietf.org
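The three constraints listed in the thread (render a link, never an arbitrary link, never attacker-controlled strings), sketched as a client-side check. This is an added example, not code from the messages above, from Chrome, or from either draft; the `ede` object shape, the `resolver.example` registry entry and the digits-only id pattern are assumptions made for illustration.

```javascript
// Added example: field names, registry contents and the id pattern are assumptions.
const EDE_BLOCKED = 15;   // RFC 8914 "Blocked"
const EDE_CENSORED = 16;  // RFC 8914 "Censored"

// Hypothetical preregistration table shipped with the client: resolver name ->
// fixed link prefix. The Lumen prefix is the URL form quoted in the thread.
const REGISTRY = new Map([
  ["resolver.example", "https://lumendatabase.org/notices/"],
]);

// Notice ids are assumed to be short decimal strings, like the thread's example.
const NOTICE_ID = /^[0-9]{1,12}$/;

// Returns a URL string that is safe to render on the error page, or null.
// `ede` is a constructed shape: { infoCode, resolver, noticeId, extraText }.
function blockingNoticeLink(ede, registry = REGISTRY) {
  if (ede === null || typeof ede !== "object") return null;
  if (ede.infoCode !== EDE_BLOCKED && ede.infoCode !== EDE_CENSORED) return null;

  // The resolver name is only a lookup key; it is never displayed or
  // concatenated into the link. A Map avoids prototype keys such as "__proto__".
  if (typeof ede.resolver !== "string") return null;
  const prefix = registry.get(ede.resolver);
  if (prefix === undefined) return null;

  // The only response-controlled bytes that reach the URL are validated digits.
  if (typeof ede.noticeId !== "string" || !NOTICE_ID.test(ede.noticeId)) return null;

  // Defence in depth: the parsed result must stay on the registered origin and path.
  const url = new URL(prefix + ede.noticeId);
  const base = new URL(prefix);
  if (url.protocol !== "https:" || url.origin !== base.origin) return null;
  if (url.pathname !== base.pathname + ede.noticeId) return null;
  if (url.search !== "" || url.hash !== "") return null;

  // ede.extraText (free-form text from the response) is deliberately ignored.
  return url.href;
}
```

The error page would then combine the returned link with its own fixed, localized wording, so no text from the DNS response is displayed.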