[DNSSEC-Transparency] Validity wrt TTL
5 Mar
2016
5 Mar
'16
1:42 p.m.
On Thu, 11 Feb 2016, Linus Nordberg wrote:
In a long response on the getdnsapi-users list [0] I
reasoned about
validity and time. I'm sure this list could have good input on this.
[0] https://getdnsapi.net/pipermail/users/2016-February/000164.html
A short version is
- should a log limit submissions to those who are "fresh"?
- if so, what are resonable values for freshness?
- would this be useful for more than spam mitigation, i.e. good for
attribution as well?
The problem is that if you don't log keys with very short validity
times, attackers can use those values so they won't end up in the
logs - and perhaps the original/real owner will never find out
about these bogus keys.
It is a spam problem yes. I'm not sure how to fix that :(
Paul