Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

Marcus Reid marcus at blazingdot.com
Mon Sep 12 17:16:45 CDT 2011


On Mon, Sep 12, 2011 at 11:00:47PM +0100, Tony Finch wrote:
> Note that a big weak point in the DNS is the interface between the
> registrars and the registry. If you have a domain you have to trust the
> registry to impose suitable restrictions on its registrars to prevent a
> dodgy registrar from stealing your domain. Another, of course, is the
> interface between a registrar and its customers.

Just in case anybody missed it, ups.com, theregister.co.uk, and others
were hijacked in this way last week.

http://www.theregister.co.uk/2011/09/05/dns_hijack_service_updated/

Marcus



More information about the NANOG mailing list