nanog mailing list archives
Re: Should host/domain names travel over the internet with a trailing dot?
From: Valdis.Kletnieks () vt edu
Date: Tue, 26 Feb 2013 13:12:53 -0500
On Mon, 25 Feb 2013 19:07:20 -0600, Jimmy Hess said:
> If the domain in a certificate were not interpreted as a FQDN by the client, this would mean that the certificate for CN=bigbank.example.com might be used to authenticate a connection to https://bigbank.example.com which, due to the local resolver search order, is in fact a DNS lookup of bigbank.example.com.intranet.example.com, which might be captured by a wildcard A record for *.com found in the intranet.example.com. zone and pointed to a server containing a phishing attack against bigbank.example.com; with a DNS cache poisoned by a false negative cache NXDOMAIN entry for bigbank.example.com.
I am *sooo* tempted to say "I recommend my competitors do DNS lookups this way" :)
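The lookup sequence described in the quoted text, as an added example that is not part of the original message: a simplified model of a resolv.conf-style search list showing why only the rooted name fails closed. The function names, the address 192.0.2.66 and the zone and cache contents are constructed for illustration.

```python
# Added illustration: simplified model of stub-resolver search-list expansion.
# All names, records and cache entries below are constructed sample data.

def candidates(name, search, ndots=1):
    """Return the FQDNs a stub resolver would try, in order."""
    if name.endswith("."):
        return [name]                      # rooted name: search list never applied
    expanded = [f"{name}.{d.rstrip('.')}." for d in search]
    as_is = name + "."
    # Names with at least `ndots` dots are tried as-is first, then expanded.
    if name.count(".") >= ndots:
        return [as_is] + expanded
    return expanded + [as_is]

def wildcard_matches(owner, qname):
    """True if wildcard owner '*.<suffix>' covers qname (closer names not modelled)."""
    suffix = owner[1:]                     # e.g. ".com.intranet.example.com."
    return owner.startswith("*.") and qname.endswith(suffix) and len(qname) > len(suffix)

def resolve(name, search, records, negative_cache, ndots=1):
    """Return (fqdn_answered, address), or (None, None) if every candidate fails."""
    for fqdn in candidates(name, search, ndots):
        if fqdn in negative_cache:
            continue                       # cached NXDOMAIN: fall through to next candidate
        for owner, addr in records.items():
            if owner == fqdn or wildcard_matches(owner, fqdn):
                return fqdn, addr
    return None, None

def name_drifted(requested, answered):
    """Check a client can apply: was the answer for a different FQDN than requested?"""
    return answered is not None and answered != requested.rstrip(".") + "."

SEARCH = ["intranet.example.com"]
RECORDS = {"*.com.intranet.example.com.": "192.0.2.66"}   # wildcard in the intranet zone
NEGATIVE_CACHE = {"bigbank.example.com."}                 # the false NXDOMAIN entry

if __name__ == "__main__":
    for query in ("bigbank.example.com", "bigbank.example.com."):
        answered, addr = resolve(query, SEARCH, RECORDS, NEGATIVE_CACHE)
        print(f"{query!r}: answered={answered} addr={addr} "
              f"drifted={name_drifted(query, answered)}")
```

The non-rooted query is answered by the intranet wildcard, while the rooted query returns nothing and the connection attempt fails instead of reaching a different host.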