A Deep Dive on the Recent Widespread DNS Hijacking

Carl Byington carl at five-ten-sg.com
Tue Feb 26 16:29:35 UTC 2019


On Mon, 2019-02-25 at 17:04 +1100, Mark Andrews wrote:
> I would also note that an organisation can deploy RFC 5011 for their
> own zones and have their own equipment use DNSKEYs managed using RFC
> 5011 for their own zones.  This isolates the organisation's equipment
> from the parent zone's management practices.

I want a registrar that can use TOTP 2fa for updates, but that
interferes with automated KSK key rollovers. Are there any registrars
that use rfc5011 to allow automated KSK key rollovers, combined with
TOTP 2fa for web based updates like the initial transition to a secure
zone, NS record changes, etc.?

More information about the NANOG mailing list