[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A Deep Dive on the Recent Widespread DNS Hijacking

Subject: A Deep Dive on the Recent Widespread DNS Hijacking
From: woody at pch.net (Bill Woodcock)
Date: Sun, 24 Feb 2019 21:20:59 -0800
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>


> On Feb 24, 2019, at 7:41 PM, Montgomery, Douglas (Fed) <dougm at nist.gov> wrote:
> In the 3rd attack noted below, do we know if the CA that issued the DV CERTS does DNSSEC validation on its DNS challenge queries?

We know that neither Comodo nor Let's Encrypt were DNSSEC validating before issuing certs.  The Letâ??s Encrypt guys at least seemed interested in learning from their mistake.  Canâ??t say as much of Comodo.

                                -Bill

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190224/1228f4cf/attachment.sig>

Follow-Ups:
- A Deep Dive on the Recent Widespread DNS Hijacking
  - From: hank at efes.iucc.ac.il (Hank Nussbacher)

References:
- A Deep Dive on the Recent Widespread DNS Hijacking
  - From: dougm at nist.gov (Montgomery, Douglas (Fed))
- A Deep Dive on the Recent Widespread DNS Hijacking
  - From: kmedcalf at dessus.com (Keith Medcalf)
- A Deep Dive on the Recent Widespread DNS Hijacking
  - From: dougm at nist.gov (Montgomery, Douglas (Fed))

Prev by Date: A Deep Dive on the Recent Widespread DNS Hijacking
Next by Date: A Deep Dive on the Recent Widespread DNS Hijacking
Previous by thread: A Deep Dive on the Recent Widespread DNS Hijacking
Next by thread: A Deep Dive on the Recent Widespread DNS Hijacking
Index(es):
- Date
- Thread