Hi Peter,
Dne 22. 06. 23 v 18:10 Peter Thomassen napsal(a):
I would expect the combination of a nameserver not being reachable and
the other party being malicious to be quite a rare event.
A combination of a nameserver being unreachable and an other one being
misconfigured e.g. in the sense of Section 2.2.1 (in the -03 version of
the doc) does not seem too inprobable to me.
Given the probably much more frequent "price" of blocking DS
maintenance, I think this is the right trade-off.
If you think this is the right trade-off, you should write into the
document that this is the right trade-off, and that this consideration
has been made. I would kindly leave the exact wording on you.
Where would you suggest to put more words about that? (Right there, or
in the Security Considerations? Which words?)
I'm not sure. Anyway, the Security Considerations section also claims
"ensuring that an operator in a multi-homing setup cannot unilaterally
modify the delegation", which is not entirely true according to me,
considering the above discussion. If one nameserver becomes (even
temporarily!) unreachable, the inability of unilateral modification is
not ensured. It's only trade-off-ed :)
Also, I addressed all other comments received so far in response to
the adoption call (commits in same repo). For convenience, see the
editor's copy:
https://peterthomassen.github.io/draft-ietf-dnsop-cds-consistency/
Ouch, it seems that in your newest version, Section 2 disappeared
completely. I'd vote for keeping the motivational prose present.
Disclosing the motivations and goals of a standard is a good habit among
RFCs.
Best,
Peter
Cheers,
Libor
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
