A Deep Dive on the Recent Widespread DNS Hijacking

• Previous message (by thread): A Deep Dive on the Recent Widespread DNS Hijacking
• Next message (by thread): A Deep Dive on the Recent Widespread DNS Hijacking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Feb 24, 2019, at 7:41 PM, Montgomery, Douglas (Fed) <dougm at nist.gov> wrote:
> In the 3rd attack noted below, do we know if the CA that issued the DV CERTS does DNSSEC validation on its DNS challenge queries?

We know that neither Comodo nor Let's Encrypt were DNSSEC validating before issuing certs.  The Let’s Encrypt guys at least seemed interested in learning from their mistake.  Can’t say as much of Comodo.

                                -Bill

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190224/1228f4cf/attachment.sig>

• Previous message (by thread): A Deep Dive on the Recent Widespread DNS Hijacking
• Next message (by thread): A Deep Dive on the Recent Widespread DNS Hijacking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]