On Aug 16, 2021, at 20:07, Joe Abley <jab...@hopcount.ca> wrote:
>
>> On Aug 16, 2021, at 19:41, Brian Dickson <brian.peter.dick...@gmail.com> wrote:
>>
>>> On Mon, Aug 16, 2021 at 3:14 PM Ben Schwartz <bem...@google.com> wrote:
>>>
>>> [...]
>
> This thread makes me think draft-jabley-dnsop-refer wasn't as insane and
> operationally complex as I thought.

The impact of such an attack would be to eliminate any benefits of the REFER Mechanism and revert to the security characteristics of the Standard Mechanism.

As long as your proposal is vulnerable to downgrade attacks, it does not actually change anything. It only adds a little audit trail if the parent turns out to be malicious, but that too can be mitigated by the parent by replacing the entire child.

Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop