I've written up a first pass PR for a threat model for DCV (draft-ietf-dnsop-domain-verification-techniques):
https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-domain-verification-techniques/pull/206 There aren't many precedents for including a threat model in an IETF draft so it's possible that we will need to iterate on this some. Most other threat models appear to be stand-alone RFCs. I drew from STAMP terminology here, but rather than incorporating this as an analysis I list the Unacceptable Losses and Hazards up-front and then reference them throughout from the sections intended to mitigate them. Placement and length of the threat model is also a trade-off here, but given that this draft's purpose is to mitigate the threats it seemed worth including it early on (but not so early as to lack context for the reader). Feedback is welcome. If it looks good we'll fold it in and make a few of the other changes queued up and then publish a new draft. Best, Erik
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
