[RSSAC Caucus] [SPAM] Re: Security Incident Reporting and c-root incident
Robert Story
rstory at ant.isi.edu
Wed May 22 22:31:07 UTC 2024
On Thu 2024-05-23 00:11:36+0200 Ondřej wrote:
> So, in this context we should assume that the key rollover might have
> already started and what would be the impact of delayed updates to a single
> instance of the root server when assessing the risk and the severity of the
> incident. We should not just shrug because the luck in timing was on our
> side this time.
Yes, and this is what RSO(s) would have to consider for making a decision on
whether or not an incident would be a 'reportable security incident'.
> Frankly, it’s also a bit worrying that Cogent had to be alerted by the third
> party (and the other related bits reported on dns-operations), so I think
> this deserves a full post-mortem as the bare minimum.
I agree.
During the SIR work party calls, the idea of 'informational' reporting has
come up quite a few times. Perhaps that caucus might take that up in a future
work party.
Regards,
Robert
USC Information Sciences Institute <http://www.isi.edu/>
Networking and Cybersecurity Division