[RSSAC Caucus] [SPAM] Re: Security Incident Reporting and c-root incident

Paul Ebersman list-rssac at dragon.net
Wed May 22 23:18:58 UTC 2024


rstory> I can see that argument, but I can also see an argument that
rstory> stale formerly correct data is not as big a deal as unauthorized
rstory> modification to bad data.  Does stale data from 1 RSO have a
rstory> 'materially adverse effect' on the RSS?

The issue isn't just "data". It's key/DNSSEC data that would have been
stale. It affected rollovers, which need a safe overlap to not cause
validation failures.

I'd call that material enough to warrant a report.

Certainly, the folks running .INT and .GOV are concerned enough to alter
their schedules.

A report isn't a fine or criminal offense. The RSO group is an operator
group. Operations work better with advance warning, reports, RCOs, and
mitigations against future failures. That includes incident reports
where the material outage was highly possible but averted.
