On 2024-03-17 20:12 -07, internet-dra...@ietf.org wrote: > Internet-Draft draft-ietf-dnsop-ns-revalidation-06.txt is now available. It is
| 7. Security Considerations | [...] | In case of non DNSSEC validating | resolvers, an attacker controlling a rogue name server for the root | has potentially complete control over the entire domain name space | and can alter all unsigned parts undetected. can alter *all* parts undetected. It's a non-DNSSEC validating resolver, it doesn't care about signed or unsigned. Maybe just drop that sentence, it doesn't add much. -- In my defence, I have been left unsupervised. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop