On 24 Feb 2026, at 10:27 pm, tirumal reddy <[email protected]> wrote: > > So, is the threat model here that a network attacker wishes to convince an > application (and/or its user) that the DNS response is being filtered, and > then do what? > > An attacker could falsely label a legitimate site as malicious via injected > EDE metadata, thereby misleading the end-user.
Right. I guess I'm wondering why the threat model here is different than that in RFC8914, which has no such constraint. What benefit would an attacker get from misleading folks into thinking their internet connection was being censored? Cheers, -- Mark Nottingham https://www.mnot.net/ _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
