A Deep Dive on the Recent Widespread DNS Hijacking
John Levine
johnl at iecc.com
Tue Feb 26 16:12:26 UTC 2019
In article <CAD6AjGTBNZ8wTv6Y1KgTvNaW6Zi87RLprQK2Lg=d0evK8ot7=g at mail.gmail.com> you write:
>Swapping the DNS cabal for the CA cabal is not an improvement. Right? They
>are really the same arbitraging rent-seekers, just different layers.
The models are different. If I want to compromise your DNS I need to
attack your specific registrar. If I want a bogus cert, any of the
thousand CAs in my browser will do.
More information about the NANOG
mailing list