On 2024-03-17 20:12 -07, internet-dra...@ietf.org wrote:
> Internet-Draft draft-ietf-dnsop-ns-revalidation-06.txt is now available. It is

| 7.  Security Considerations
| [...]
| In case of non DNSSEC validating
| resolvers, an attacker controlling a rogue name server for the root
| has potentially complete control over the entire domain name space
| and can alter all unsigned parts undetected.

can alter *all* parts undetected.

It's a non-DNSSEC validating resolver, it doesn't care about signed or
unsigned. Maybe just drop that sentence, it doesn't add much.

-- 
In my defence, I have been left unsupervised.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to