Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

Marcus Reid marcus at blazingdot.com
Mon Sep 12 22:16:45 UTC 2011

On Mon, Sep 12, 2011 at 11:00:47PM +0100, Tony Finch wrote:
> Note that a big weak point in the DNS is the interface between the
> registrars and the registry. If you have a domain you have to trust the
> registry to impose suitable restrictions on its registrars to prevent a
> dodgy registrar from stealing your domain. Another, of course, is the
> interface between a registrar and its customers.

Just in case anybody missed it, ups.com, theregister.co.uk, and others
were hijacked in this way last week.



More information about the NANOG mailing list