A Deep Dive on the Recent Widespread DNS Hijacking

John Levine johnl at iecc.com
Tue Feb 26 16:12:26 UTC 2019

In article <CAD6AjGTBNZ8wTv6Y1KgTvNaW6Zi87RLprQK2Lg=d0evK8ot7=g at mail.gmail.com> you write:
>Swapping the DNS cabal for the CA cabal is not an improvement. Right?  They
>are really the same arbitraging rent-seekers, just different layers.

The models are different.  If I want to compromise your DNS I need to
attack your specific registrar.  If I want a bogus cert, any of the 
thousand CAs in my browser will do.

More information about the NANOG mailing list