A Deep Dive on the Recent Widespread DNS Hijacking

Bill Woodcock woody at pch.net
Wed Feb 27 00:13:41 UTC 2019



> On Feb 26, 2019, at 1:25 PM, Nico Cartron <nicolas at ncartron.org> wrote:
> 
> 
> 
>> On 26 Feb 2019, at 21:58, Bill Woodcock <woody at pch.net> wrote:
>> 
>> 
>> 
>>> On Feb 26, 2019, at 8:12 AM, John Levine <johnl at iecc.com> wrote:
>>> 
>>> In article <CAD6AjGTBNZ8wTv6Y1KgTvNaW6Zi87RLprQK2Lg=d0evK8ot7=g at mail.gmail.com> you write:
>>>> Swapping the DNS cabal for the CA cabal is not an improvement. Right?  They
>>>> are really the same arbitraging rent-seekers, just different layers.
>>> 
>>> The models are different.  If I want to compromise your DNS I need to
>>> attack your specific registrar.  If I want a bogus cert, any of the
>>> thousand CAs in my browser will do.
>> 
>> Exactly.  And if you’re an organization that has money and pays attention to DNS and security, you can get yourself a TLD, and be your own registry, at which point you only need to worry about the security of the root zone.
> 
> Interesting.
> Never thought of new TLD from this angle :)

That’s the main reason for having a brand TLD at this point, from my point of view.  It’s the reason I’d get one in a heartbeat, if I could afford the fees.

                                -Bill
