On Wed, 25 Feb 2026 at 03:35, Mark Nottingham <[email protected]> wrote: > On 24 Feb 2026, at 10:27 pm, tirumal reddy <[email protected]> wrote: > > > > So, is the threat model here that a network attacker wishes to convince > an application (and/or its user) that the DNS response is being filtered, > and then do what? > > > > An attacker could falsely label a legitimate site as malicious via > injected EDE metadata, thereby misleading the end-user. > > Right. I guess I'm wondering why the threat model here is different than > that in RFC8914, which has no such constraint. What benefit would an > attacker get from misleading folks into thinking their internet connection > was being censored? >
For instance, an on-path attacker could supply attacker-controlled contact information, enabling phishing. If an attacker falsely signals “malware” for a legitimate site, the end-user may avoid visiting it, potentially causing reputational harm and reduced user trust . -Tiru > > Cheers, > > -- > Mark Nottingham https://www.mnot.net/ > >
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
