nanog mailing list archives
Re: A Deep Dive on the Recent Widespread DNS Hijacking
From: Nico Cartron <nicolas () ncartron org>
Date: Tue, 26 Feb 2019 22:25:07 +0100
On 26 Feb 2019, at 21:58, Bill Woodcock <woody () pch net> wrote:

> On Feb 26, 2019, at 8:12 AM, John Levine <johnl () iecc com> wrote:
>
>> In article <CAD6AjGTBNZ8wTv6Y1KgTvNaW6Zi87RLprQK2Lg=d0evK8ot7=g () mail gmail com> you write:
>>
>>> Swapping the DNS cabal for the CA cabal is not an improvement. Right? They are really the same arbitraging rent-seekers, just different layers.
>>
>> The models are different. If I want to compromise your DNS I need to attack your specific registrar. If I want a bogus cert, any of the thousand CAs in my browser will do.
>
> Exactly. And if you’re an organization that has money and pays attention to DNS and security, you can get yourself a TLD, and be your own registry, at which point you only need to worry about the security of the root zone.

Interesting. Never thought of new TLD from this angle :)

--
Nico