[RSSAC Caucus] [SPAM] Re: Security Incident Reporting and c-root incident
Paul Hoffman
paul.hoffman at icann.org
Wed May 22 22:39:25 UTC 2024
Focusing on the "stale data" point:
On May 22, 2024, at 14:20, David Conrad <david.conrad at layer9.tech> wrote:
> If you’re talking about the RSS SIR Working Document, section 4.2 states:
>
> "Data integrity refers to the "correctness" of the data in responses generated by the RSS.
> […]
> Examples of reportable incidents that affect Integrity:
> * Any part of the RSS serving incorrect data for the root zone”
>
> Providing stale data would appear to me to be “serving incorrect data for the root zone.
The question of "how long is it acceptable to serve a version of a root zone after the RZM has issued a new version" was debated extensively during the development of RSSAC047. The recommended threshold in that document is 65 minutes, over the course of an entire month. That is, an RSO would only not pass this metric if its publication latency is worse than 65 minutes averaged over the approximately 60 zones published in a month.
--Paul Hoffman
More information about the rssac-caucus
mailing list