On 7/31/20 2:34 PM, Paul Wouters wrote:
> The process of a rogue parent is not a purely technical one. It can include a
> legal system, a payment dispute, and many other things.
>
> Per definition, it will be a manual process to confirm if a “changed child”
> is a legitimate change or not.

On Jul 31, 2020, at 05:06, Vladimír Čunát wrote:
>
> Hello dnsop.
>
> So far it's been clear. But now... how do we know that this fake
> victim.evil DS set was not submitted by the registrant? I assume every
> registrant is supposed to watch the logs from everyone for such fakes?
> Sounds

Hello dnsop.

Let me start a simple thought experiment - attacking the planned
scheme. It feels like I'm missing some part of the defense.

A .evil registry is using the DELEGATION_ONLY flag. They additionally
sign a different victim.evil DS set, say adding a hash of a DNSKEY they
generated