This DNS over HTTP thing

Valdis Klētnieks valdis.kletnieks at vt.edu
Wed Oct 2 09:45:57 UTC 2019


On Wed, 02 Oct 2019 01:55:13 -0600, "Keith Medcalf" said:

> It is a common fallacy that TLS connections are authenticated.  The vast
> majority of them are not authenticated in any meaningful fashion and all that
> can be said about TLS is that it provides an encrypted connection between the
> two communicating applications.  This is perhaps why it is called *transport*
> layer security ...

Another major disconnect is that TLS validates the hostname that the browser
decided to connect to, not the host you thought you were connecting to..

The end result is that if a phish directs you to nan0g.org, it can still show a
padlock and the user is none the wiser....
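A defender-side check for the lookalike-hostname problem described in the message above, as an added example that is not part of the original post: it folds visually confusable characters and flags hostnames that collide with a trusted domain even though TLS would validate them. The trusted list, the confusable table and the function names are constructed for illustration.

```python
import unicodedata

# Constructed allow list; a real deployment would load its own domains.
TRUSTED = {"nanog.org", "vt.edu"}

# Small constructed subset of visually confusable substitutions
# (digits, letter pairs, and two Cyrillic homoglyphs).
CONFUSABLE = {"0": "o", "1": "l", "3": "e", "5": "s",
              "rn": "m", "vv": "w", "\u043e": "o", "\u0430": "a"}


def skeleton(host):
    """Fold a hostname so that names which look alike compare equal."""
    host = host.rstrip(".").lower()
    try:
        # Decode xn-- (punycode) labels so Unicode homoglyphs become visible.
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not a valid A-label: keep as given
    # NFKD plus dropping combining marks turns accented letters into base letters.
    host = "".join(c for c in unicodedata.normalize("NFKD", host)
                   if not unicodedata.combining(c))
    for src, dst in CONFUSABLE.items():
        host = host.replace(src, dst)
    return host


def under(name, domain):
    """True if name is the domain itself or one of its subdomains."""
    return name == domain or name.endswith("." + domain)


def classify(host, trusted=TRUSTED):
    """Return (verdict, matched_domain) for a hostname taken from a link."""
    plain = host.rstrip(".").lower()
    for t in trusted:
        if under(plain, t):
            return ("trusted", t)
    folded = skeleton(plain)
    for t in trusted:
        # Same skeleton as a trusted domain but a different name:
        # a certificate for this host would still validate.
        if under(folded, skeleton(t)):
            return ("lookalike", t)
    return ("unknown", None)
```

A "lookalike" verdict is a signal for mail filtering or proxy logs, not proof of phishing; legitimate names can share a skeleton.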