nanog mailing list archives

Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking

From: Julien Goodwin <nanog () studio442 com au>
Date: Wed, 27 Feb 2019 15:58:58 +1100



On 27/2/19 3:10 am, John Levine wrote:

In article <B68C84D4-9D1A-4303-94CA-59CEBFB6B934 () pch net> you write:

We need to get switched over to DANE as quickly as possible, and stop wasting effort trying to keep the CA system 
alive with
ever-hackier band-aids.


What's the DANE version of a green-bar cert?


You mean the EV certificates that most browsers are removing the distinction of, removing their only real justification 
for existing?

https://www.troyhunt.com/extended-validation-certificates-are-dead/

Not that they were ever actually widely used.

https://www.troyhunt.com/on-the-perceived-value-ev-certs-cas-phishing-lets-encrypt/

Current thread:

Re: A Deep Dive on the Recent Widespread DNS Hijacking, (continued)
- - - Re: A Deep Dive on the Recent Widespread DNS Hijacking Ca By (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking David Conrad (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Ca By (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 26)
    - Message not available
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking bzs (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 26)
    - Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 26)
    - Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Julien Goodwin (Feb 26)
    - Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Mike via NANOG (Feb 27)
    - Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Töma Gavrichenkov (Feb 27)
    - RE: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Eric Tykwinski (Feb 27)
    - Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Måns Nilsson (Feb 27)
    - Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 27)
    - Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Måns Nilsson (Feb 27)
    - Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Mark Andrews (Feb 27)
    - Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking John R. Levine (Feb 27)
    - Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Mark Andrews (Feb 27)
    - Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking John R. Levine (Feb 27)

(Thread continues...)