Hi Tale, > On 5 Nov 2023, at 15:55, Dave Lawrence <[email protected]> wrote: > > One last bit of wondering I have is about this paragraph from Security > Considerations: > > "This method can be abused by intentionally deploying broken zones > with agent domains that are delegated to victims. This is > particularly effective when DNS requests that trigger error > messages are sent through open resolvers [RFC8499] or widely > distributed network monitoring systems that perform distributed > queries from around the globe." > > Is this a novel risk presented by the proposal? Any more than, say, a > random subdomain attack targeted directly at the agent domain?
Nope, not a novel risk, but it was added at the request of some security focused folk. Roy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
