Thank you for the review.

On Aug 1, 2024, at 11:33, Klaas Wierenga via Datatracker <nore...@ietf.org> wrote:
> 
> Reviewer: Klaas Wierenga
> Review result: Has Nits
> 
> The draft reads well and is clear. I have one question that is maybe worth
> answering in the security considerations. What is the impact of retrieving the
> trust anchors over http instead of https? Does that lead to a risk of ending up
> with an invalid set of trust anchors?

I agree with Joe that we can't really list all the possible attacks and 
mitigations. To that end, I propose the following text be added to the Security 
Considerations:

Some of the methods described (such as accessing over the web with or without
verifying the signature on the file) have different security properties; users
of the trust anchor file need to consider these when choosing whether to load
the set of trust anchors.

--Paul Hoffman
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org