Hi All, I also agree with Paul, memory corruption is a bigger security threat and ZONEMD doesn't protect/address that well. Kind Regards Hafiz --- This message has been scanned via Symantec MessageLabs & SpamDefense Engine On Wed, Jan 4, 2023 at 2:12 PM Andrew McConachie < andrew.mcconachie@icann.org> wrote:
On 20 Dec 2022, at 16:26, Paul Hoffman <paul.hoffman@icann.org> wrote:
On Dec 20, 2022, at 4:21 AM, Andrew McConachie < andrew.mcconachie@icann.org> wrote:
Thanks for everyone who joined the productive to review the RSSAC FAQ
comments on December 15th.
I had an action item to clean up the document and merge the decisions
that were made on the call.
< https://docs.google.com/document/d/1_OOt0EBmEqkH5fCXWK4ts8946C7qeI6okDXtK0qo...
I’ve done that and there are no outstanding suggestions in the Google
doc. If you have any final comments please get them in the Google doc before January 3rd, 2023.
I have made a few small editorial changes. However, I still have a deep concern about question 4.2. If we answer it honestly, it's only going to confuse readers. I propose that we remove it.
Dear All,
This is the one outstanding issue remaining with the FAQ. Paul is suggesting deleting question 4.2, but I would like to hear some other opinions from the Caucus before doing so.
Below is the 4.2 question and answer for your review.
4.2 Is there any chance of the root zone files getting corrupted by any attack or malware?
RFC 8976 defines a mechanism for ensuring the integrity of a DNS zone file using a ZONEMD record that "provides a cryptographic message digest over DNS zone data at rest”. As noted in a statement published by the root-server operators, RSOs will not enable ZONEMD verification for the first year after the initial publication of ZONEMD records. This is not deployed yet, but there are plans to do so in the future.
Thanks, Andrew_______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.