On 6/30/23 22:15, Paul Wouters wrote:
Section 13:
[...]
an attacker being able to provide a rogue trust anchor is potentially

This is not a very realistic attack.
The same section says:

On the other hand, mishandling Trust Anchor is likely resulting in a validator unable to validate most of the traffic under the TA.

I don't think this argument is particularly relevant, as an attacker with write access to the trust anchors would likely not replace any existing legitimate ones, but rather add the rogue one so that compromised traffic can be injected without causing validation errors otherwise.
I don't think this document contains much valuable content for a DNSSEC operator. I think this document needs to have resolver vendors with their customer support experiences involved in evolving this document.
Noting that only one of the people supporting adoption back in 2020 and offering reviews has contributed such reviews in the last three years (if I looked correctly), and considering that most feedback in the last 12 months has been in opposition to many of the recommendations given in the document (including several times due to serious inaccuracies about how DNSSEC works), I'm wondering if it is still on track.

The draft was born almost 10 years ago and adopted more than three years ago; still, as Paul said, it's not clear that it contains much valuable content for a DNSSEC resolver operator.

Perhaps the WG should consider abandoning it (although I'm not sure about the process).

Best,
Peter

--
https://desec.io/