[RSSAC Caucus] [SPAM] Re: Security Incident Reporting and c-root incident

Ondřej Surý ondrej at sury.org
Wed May 22 22:11:36 UTC 2024


Let me add that CVSS scoring documentation (I know this is not CVE) states - assume the vulnerable configuration.

So, in this context we should assume that the key rollover might have already started and what would be the impact of delayed updates to a single instance of the root server when assessing the risk and the severity of the incident. We should not just shrug because the luck in timing was on our side this time.

Frankly, it’s also a bit worrying that Cogent had to be alerted by a third party (and the other related bits reported on dns-operations), so I think this deserves a full post-mortem as the bare minimum.

Cheers,
--
Ondřej Surý (He/Him)

> On 22. 5. 2024, at 23:20, David Conrad <david.conrad at layer9.tech> wrote:
> 
> While it’s arguably true that this most recent incident did not impact _resolution_ service, I gather .GOV and .INT (prudently) delayed completing their key change until it has been resolved.


