Trust Model - Do not allow a service provider to provide text to a user #110

Open
pawel-kow opened this issue Jan 24, 2025 · 0 comments

pawel-kow commented Jan 24, 2025

Fri, 03 Jan 2025 09:32:42 -0800
Paul Hoffman

  • Explain the trust models. How does the DNS provider trust a service
    provider? How does the user know that the message asking them to change
    their DNS is actually from the service provider they interacted with
    earlier? How does the DNS provider know what RRsets and subdomains under
    a FQDN that the service provider can modify?
  • Do not allow a service provider to provide text to a user; this is a giant security hole because the service provider can give misleading text

[PK] This is well covered, I think. The service provider can define its name and the name of its service, which is a part of a template. This will then be secured by the DNS provider when onboarding the template. This will be described in the trust model section.

OK, I'll look to see how that gets improved. I am concerned if the service provider can say its name is "Microsoft Inc." even when it clearly is not, or if a random service provider can name its service "General security update".

@pawel-kow pawel-kow added the IETF Issues reported from IETF process label Jan 24, 2025
@pawel-kow pawel-kow self-assigned this Feb 3, 2025