On Thu 2024-05-23 00:11:36+0200 Ondřej wrote:
So, in this context we should assume that the key rollover might have already started and what would be the impact of delayed updates to a single instance of the root server when assessing the risk and the severity of the incident. We should not just shrug because the luck in timing was on our side this time.
Yes, and this is what RSO(s) would have to consider for making a decision on whether or not an incident would be a 'reportable security incident'.
Frankly, it’s also bit worrying that Cogent had to be alerted by the third party (and the other related bits reported on dns-operations), so I think this deserves a full post-mortem as the bare minimum.
I agree. During the SIR work party calls, the idea of 'informational' reporting has come up quite a few times, Perhaps that caucus might take that up in a future work party. Regards, Robert USC Information Sciences Institute <http://www.isi.edu/> Networking and Cybersecurity Division