Re: A Deep Dive on the Recent Widespread DNS Hijacking

[Bill Woodcock <woody () pch net>]

> On Feb 26, 2019, at 1:25 PM, Nico Cartron <nicolas () ncartron org> wrote:
>
>
>
> > On 26 Feb 2019, at 21:58, Bill Woodcock <woody () pch net> wrote:
> >
> >
> >
> > > On Feb 26, 2019, at 8:12 AM, John Levine <johnl () iecc com> wrote:
> > >
> > > In article <CAD6AjGTBNZ8wTv6Y1KgTvNaW6Zi87RLprQK2Lg=d0evK8ot7=g () mail gmail com> you write:
> > > > Swapping the DNS cabal for the CA cabal is not an improvement. Right?  They
> > > > are really the same arbitraging rent-seekers, just different layers.
> > >
> > > The models are different.  If I want to compromise your DNS I need to
> > > attack your specific registrar.  If I want a bogus cert, any of the
> > > thousand CAs in my browser will do.
> >
> > Exactly.  And if you’re an organization that has money and pays attention to DNS and security, you can get yourself 
> > a TLD, and be your own registry, at which point you only need to worry about the security of the root zone.
>
> Interesting.
> Never thought of new TLD from this angle :)

That’s the main reason for having a brand TLD at this point, from my point of view.  It’s the reason I’d get one in a 
heartbeat, if I could afford the fees.

                                -Bill

Attachment: signature.asc
Description: Message signed with OpenPGP