On Tue, 6 May 2025 at 16:39, Peter Thomassen <peter@xxxxxxxx> wrote:
On 5/6/25 12:48, tirumal reddy wrote:
> On Mon, 5 May 2025 at 21:56, Paul Wouters <paul@xxxxxxxxx <mailto:paul@xxxxxxxxx>> wrote:
> First of all, the contact details are completely untrusted (eg when
> obtaining a DNS via DHCP) or superfluous (eg when the user configured
[...]
> Note that an attacker being able to give you an email address to use
> is very dangerous - it will facilitate endusers to receive malicious
> email responses from an attacker.
[...]
> I believe this document is actually harmful to endusers, with no
> meaningful gains for IT teams. If I was a browser vendor, I would
> only allow displaying i18n text for EDE enums.
>
>
> please elaborate how it is harmful to end-users.
There are multiple examples of that in Paul's previous message [1], one of which you quoted above.
The other non-quoted examples can be found in that message [1] by Ctrl+F "Use a globally trusted ID", "desensitized", "incidents number can be customized for tracking", etc.
I'm pointing to these because they have not been answered, so perhaps were overlooked.
an
I have only responded to the comments pertaining to draft-ietf-dnsop-structured-dns-error (which is going through IETF LC), not to draft-nottingham-public-resolver-errors (it is a new draft). Could you please clarify which comment you believe I missed for draft-ietf-dnsop-structured-dns-error ?
-Tiru
[1]: https://mailarchive.ietf.org/arch/msg/dnsop/nSQrWxfeoEvD6_Fd8U7HpXvbbH4/
Best,
Peter
(hats off)
--
https://desec.io/
-- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
