[DNSOP] threat model for draft-ietf-dnsop-domain-verification-techniques
Erik Nygren <erik+ietf@nygren.org> Tue, 20 January 2026 23:32 UTC
To: dnsop WG <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/6kKUg_ROVV-r7qsOlK3CTGzRonI>

I've written up a first pass PR for a threat model for DCV (draft-ietf-dnsop-domain-verification-techniques):

https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-domain-verification-techniques/pull/206

There aren't many precedents for including a threat model in an IETF draft so it's possible that we will need to iterate on this some. Most other threat models appear to be stand-alone RFCs.

I drew from STAMP terminology here, but rather than incorporating this as an analysis I list the Unacceptable Losses and Hazards up-front and then reference them throughout from the sections intended to mitigate them.

Placement and length of the threat model is also a trade-off here, but given that this draft's purpose is to mitigate the threats it seemed worth including it early on (but not so early as to lack context for the reader).

Feedback is welcome. If it looks good we'll fold it in and make a few of the other changes queued up and then publish a new draft.

Best,
Erik