On 18-03-2024 at 17:01, Florian Obser wrote:
> On 2024-03-17 20:12 -07, internet-dra...@ietf.org wrote:
>> Internet-Draft draft-ietf-dnsop-ns-revalidation-06.txt is now available. It is
>
> | 7. Security Considerations
> | [...]
> | In case of non DNSSEC validating
> | resolvers, an attacker controlling a rogue name server for the root
> | has potentially complete control over the entire domain name space
> | and can alter all unsigned parts undetected.
>
> can alter *all* parts undetected. It's a non-DNSSEC validating resolver,
> it doesn't care about signed or unsigned. Maybe just drop that sentence,
> it doesn't add much.

Ah sorry, no, the "In case of non DNSSEC validating resolvers" is wrong; this should be "In case of a DNSSEC validating resolver that does not do revalidation, ..."
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop