Hi Paul,

> On 30 Apr 2025, at 11:30 am, Paul Wouters <paul@xxxxxxxxx> wrote:
>
> On Wed, 30 Apr 2025, Mark Nottingham wrote:
>
> [ speaking as individual ]
>
>> Now, we could talk about defaults and how that inertia tends to empower a few operators, but how this mechanism makes that situation worse isn't readily apparent.
>
> If browsers only display proper error messages when using a few well
> known DNS servers, then I think that is apparent.

I'd agree, *if* being able to show DNS filtering / censorship error messages can be argued to be a significant competitive advantage for resolvers.

I tend to think about this in terms of getting the message that censorship is happening out there. One of the assumptions that the draft makes is that it's not feasible to show details on every blocked response, for a variety of reasons. So, it allows browsers to select those that they decide are trustworthy enough to show those messages, in order to get that message out.

How many resolvers they choose to bless in this fashion is a good question; likewise, questions about how they decide and what governance institutions would be put in place are very good ones to ask. To me, those answers have the most influence over the likelihood of this approach having a centralising effect.

I'd love to hear responses from the browser vendors about this, and would be happy to help sketch out some answers -- although just like in other areas, actually defining those rules and institutions is likely out of scope for the IETF. That doesn't mean we shouldn't be aware of, contribute to, and watch those efforts, of course.

> I'm also not sure what the security model is of this:
>
> Generators MUST only use values that are registered in the DNS
> Resolver Operator registry; see Section 4.2. Consumers MUST
> ignore unregistered values, and MAY ignore registered values.
>
> What prevents an attacker from using the Google DNS ID and then putting
> a malicious text like "visit www.fbi.dev to avoid being arrested" in the
> text? Even if the text is not clickable, some people will fall for it.

The text isn't shown in the current approach taken by my draft; only the URL. Most of the rest of your comments seem to rely on the text being shown, so I won't respond to them for now.

Cheers,

--
Mark Nottingham   https://www.mnot.net/

--
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
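The consumer-side policy the two messages above argue about (registered-only operator identifiers, a browser-chosen subset of those, and a URL but no free text reaching the user) can be written down as a small check. The following is an added example and is not code from the thread, from the draft, or from any browser; the registry entries, the `FilteredResponseInfo` field names, and the https-only rule are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set
from urllib.parse import urlsplit

# Constructed stand-in for the "DNS Resolver Operator" registry the draft
# refers to. Identifiers and descriptions are invented for this example.
RESOLVER_OPERATOR_REGISTRY: Dict[str, str] = {
    "example-resolver-a": "Example Resolver A (constructed entry)",
    "example-resolver-b": "Example Resolver B (constructed entry)",
}

# The subset of registered values this particular browser has decided to
# act on. Registered values outside this set are ignored ("MAY ignore").
BROWSER_TRUSTED_OPERATORS: Set[str] = {"example-resolver-a"}


@dataclass(frozen=True)
class FilteredResponseInfo:
    """Hypothetical in-memory form of the structured data a resolver attaches
    to a filtered answer. Field names are assumptions for this example."""
    operator: str
    url: Optional[str] = None
    text: Optional[str] = None


def displayable_error_url(
    info: FilteredResponseInfo,
    registry: Dict[str, str] = RESOLVER_OPERATOR_REGISTRY,
    trusted: Set[str] = BROWSER_TRUSTED_OPERATORS,
) -> Optional[str]:
    """Return the URL the browser may surface for this blocked response, or
    None if nothing should be shown.

    - operator not in the registry            -> None ("MUST ignore")
    - registered but not blessed by this UA    -> None ("MAY ignore")
    - otherwise only the URL is returned; `info.text` is never used, so a
      spoofed operator identifier cannot push arbitrary wording into the
      error page, which is the point made in the reply above.
    """
    if info.operator not in registry:
        return None
    if info.operator not in trusted:
        return None
    if not info.url:
        return None
    parts = urlsplit(info.url)
    # Assumption for this example: only https URLs with a host are surfaced.
    if parts.scheme != "https" or not parts.netloc:
        return None
    return info.url


if __name__ == "__main__":
    # Constructed sample: a response claiming a blessed operator ID and
    # carrying attacker-style text alongside a URL. Only the URL comes back.
    sample = FilteredResponseInfo(
        operator="example-resolver-a",
        url="https://blockpage.example/why",
        text="visit www.example.invalid to avoid being arrested",
    )
    print(displayable_error_url(sample))  # https://blockpage.example/why
```

The free-text field is deliberately never read by the policy function: even if an on-path party reuses a blessed operator identifier, the only thing the browser will render is a URL that has passed the scheme and host check, and nothing is rendered at all for identifiers the browser has not chosen to trust.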