Support for "Structured DNS errors" / RFC 8914

MarekWW

Hello, I would like to ask about adding support for RFC 8914 in the Vivaldi Web Browser.

Links:

This feature would be a valuable security addition for Vivaldi users. It would also be great if this option could be included in the mobile and desktop versions.

I believe this belongs in the "Security & Privacy" section and applies to both the mobile and desktop versions of the Vivaldi browser. If this is not the correct section, I apologize.

DoctorG

@MarekWW I guess this will be implemented by Chromium core developers as feature request #40912798 states. And Vivaldi will get from upstream when it is added.

MarekWW

@DoctorG Hello,
Thank you for sharing this link. I wasn't aware that this topic had already been discussed in Chromium. However, I noticed that these discussions took place a year ago, and since no updates related to it have been added since then, I'm not confident that it will be implemented anytime soon.

DoctorG

@MarekWW The Vivaldi development team is small and has not human resources to add the feature at this time.
So we need to wait until Chromium adds it.

MarekWW

@DoctorG
I completely understand that, but considering RFC 8914 as an additional quality-of-life security option would be worth considering.

Several less important and less valuable features have recently been added to Vivaldi. Therefore, there may be an opportunity in the future to add support for RFC 8914. I understand that adding support for RFC 8914 can be challenging for Vivaldi devs. Still, I simply wanted to highlight RFC 8914 as a potentially significant improvement that could be included in Vivaldi.

Perhaps, in a year or two, Vivaldi or Chromium developers will consider adding it. Only time will tell.

Best regards,

Marek

DoctorG

@MarekWW I support all features which make browser more secure.

I pinged a moderator to move your thread into Feature Request forum.

Dr.Flay

Good luck.

I gave up asking for security improvements a few years ago because unless users upvote an idea it is not important.

I pushed for DoH support long before it was no longer a choice, because I noticed that Yandex browser had simply integrated DNSCrypt support.
Nobody understood the need for encrypted authenticatable DNS at that time, so no upvotes.

I pushed for better man-in-the-middle protection and DNS error support when it was doable with an extension. But when the API changed many security extensions died, so no more DANE/TLS validation for us even though it can (and should) be done.
Again people don't understand why they would need to be able to confirm their own DNS and the DNS of the site you are on are actually the right ones.

It could be built in, and now has to be built in because it can't be done any other way, but Google won't do it because it will show users that Google themselves don't configure their sites properly.

Likewise it took over 2 years of pestering before Vivaldi finally sorted their DNSSec configuration. I didn't give up on that so finally Vivaldi domains got sorted, but I shouldn't need to keep pestering for support of existing standard protocols.