Re: [Last-Call] [Ext] [dnsdir] Dnsdir last call review of draft-ietf-dnsop-dns-error-reporting-06

Hi Tale,

> On 5 Nov 2023, at 15:55, Dave Lawrence <tale@xxxxxx> wrote:
> 
> One last bit of wondering I have is about this paragraph from Security
> Considerations:
> 
> "This method can be abused by intentionally deploying broken zones
> with agent domains that are delegated to victims.  This is
> particularly effective when DNS requests that trigger error
> messages are sent through open resolvers [RFC8499] or widely
> distributed network monitoring systems that perform distributed
> queries from around the globe."
> 
> Is this a novel risk presented by the proposal?  Any more than, say, a
> random subdomain attack targeted directly at the agent domain? 

Nope, not a novel risk, but it was added at the request of some security-focused folk.

Roy

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
