nanog mailing list archives

Re: A Deep Dive on the Recent Widespread DNS Hijacking


From: Bill Woodcock <woody () pch net>
Date: Tue, 26 Feb 2019 12:58:50 -0800



On Feb 26, 2019, at 8:12 AM, John Levine <johnl () iecc com> wrote:

> In article <CAD6AjGTBNZ8wTv6Y1KgTvNaW6Zi87RLprQK2Lg=d0evK8ot7=g () mail gmail com> you write:
>> Swapping the DNS cabal for the CA cabal is not an improvement. Right?  They
>> are really the same arbitraging rent-seekers, just different layers.
>
> The models are different.  If I want to compromise your DNS I need to
> attack your specific registrar.  If I want a bogus cert, any of the
> thousand CAs in my browser will do.

Exactly.  And if you’re an organization that has money and pays attention to DNS and security, you can get yourself a TLD, and be your own registry, at which point you only need to worry about the security of the root zone.

                                -Bill

