[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A Deep Dive on the Recent Widespread DNS Hijacking

Subject: A Deep Dive on the Recent Widespread DNS Hijacking
From: woody at pch.net (Bill Woodcock)
Date: Tue, 26 Feb 2019 12:58:50 -0800
In-reply-to: <[email protected]>
References: <[email protected]>


> On Feb 26, 2019, at 8:12 AM, John Levine <johnl at iecc.com> wrote:
> 
> In article <CAD6AjGTBNZ8wTv6Y1KgTvNaW6Zi87RLprQK2Lg=d0evK8ot7=g at mail.gmail.com> you write:
>> Swapping the DNS cabal for the CA cabal is not an improvement. Right?  They
>> are really the same arbitraging rent-seekers, just different layers.
> 
> The models are different.  If I want to compromise your DNS I need to
> attack your specific registrar.  If I want a bogus cert, any of the
> thousand CAs in my browser will do.

Exactly.  And if youâ??re an organization that has money and pays attention to DNS and security, you can get yourself a TLD, and be your own registry, at which point you only need to worry about the security of the root zone.

                                -Bill

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190226/71e55ae6/attachment.sig>

Follow-Ups:
- A Deep Dive on the Recent Widespread DNS Hijacking
  - From: nicolas at ncartron.org (Nico Cartron)

References:
- A Deep Dive on the Recent Widespread DNS Hijacking
  - From: johnl at iecc.com (John Levine)

Prev by Date: A Deep Dive on the Recent Widespread DNS Hijacking
Next by Date: A Deep Dive on the Recent Widespread DNS Hijacking
Previous by thread: A Deep Dive on the Recent Widespread DNS Hijacking
Next by thread: A Deep Dive on the Recent Widespread DNS Hijacking
Index(es):
- Date
- Thread