On 23-10-2020 00:12, Tony Finch wrote:
> Ralph Dolmans <ra...@nlnetlabs.nl> wrote:
>>
>> Thanks for your feedback, appreciated!
>
> Thanks for the response!
>
> I thought of another thing:
>
> Some of the points in section 5 (on limiting the number of queries and the
> performance downsides) should be discussed in section 7 (security
> considerations). In particular QNAME minimization can amplify query volume
> so it can be abused to make random subdomain attacks worse, though that
> can be mitigated by RFC 8020 NXDOMAIN.
Mentioning it in the security considerations makes sense. Note that
RFC8020 won't help you here when the answer is synthesized using a
wildcard, which is also why the example in section 5 has a wildcard
record. Happy to make this more explicit in the text.
Thanks,
Ralph
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
