On 5/6/25 12:48, tirumal reddy wrote:
On Mon, 5 May 2025 at 21:56, Paul Wouters <[email protected]
<mailto:[email protected]>> wrote:
First of all, the contact details are completely untrusted (eg when
obtaining a DNS via DHCP) or superfluous (eg when the user configured
[...]
Note that an attacker being able to give you an email address to use
is very dangerous - it will facilitate endusers to receive malicious
email responses from an attacker.
[...]
I believe this document is actually harmful to endusers, with no
meaningful gains for IT teams. If I was a browser vendor, I would
only allow displaying i18n text for EDE enums.
please elaborate how it is harmful to end-users.
There are multiple examples of that in Paul's previous message [1], one of
which you quoted above.
The other non-quoted examples can be found in that message [1] by Ctrl+F "Use a globally trusted
ID", "desensitized", "incidents number can be customized for tracking", etc.
I'm pointing to these because they have not been answered, so perhaps were
overlooked.
[1]: https://mailarchive.ietf.org/arch/msg/dnsop/nSQrWxfeoEvD6_Fd8U7HpXvbbH4/
Best,
Peter
(hats off)
--
https://desec.io/
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
