Nxdomain redirect revenue

Matthew Palmer mpalmer at hezmatt.org
Wed Sep 28 00:26:45 UTC 2011


On Tue, Sep 27, 2011 at 05:08:42PM -0500, Jimmy Hess wrote:
> On Tue, Sep 27, 2011 at 8:27 AM, Christopher Morrow
> <morrowc.lists at gmail.com> wrote:
> 
> > how does tls/https help here? if you get sent to the 'wrong host'
> > whether or not it does https/tls is irrelevant, no? (save the case of
> > chrome and domain pinning)
> 
> Because the operator of the "wrong host" cannot obtain an SSL
> certificate for the right host's domain from a legitimate CA.

Oh, if only 'twere true... even without control of the DNS for the domain,
there have been plenty of certificates erroneously issued.  With DNS
control, doing the necessary validation steps required for the issuance of a
certificate is child's play.

Then, of course, there's the issues with what constitutes a "legitimate" CA;
the list of CAs that I'd never want to trust, but which are in my browser by
default, is long and notorious.

- Matt




