nanog mailing list archives

Re: This DNS over HTTP thing


From: Jan Philippi <jan () philippi pw>
Date: Wed, 2 Oct 2019 12:01:14 +0200

The thing is: People were conditioned for years to look for the padlock,
because padlock means secure.

How will we ever get this out of their minds..

Jan

SMTP: jan () philippi pw
XMPP: jan () himbeere pw
GPG: 45F3 2DF0 4D55 C4B4 2083  14C5 5727 D54F *E4E2 2A3C*

On 02.10.19 at 11:45, Valdis Klētnieks wrote:
On Wed, 02 Oct 2019 01:55:13 -0600, "Keith Medcalf" said:

It is a common fallacy that TLS connections are authenticated.  The vast
majority of them are not authenticated in any meaningful fashion and all that
can be said about TLS is that it provides an encrypted connection between the
two communicating applications.  This is perhaps why it is called *transport*
layer security ...

Another major disconnect is that TLS validates the hostname that the browser
decided to connect to, not the host you thought you were connecting to..

The end result is that if a phish directs you to nan0g.org, it can still show a
padlock and the user is none the wiser....


Attachment: signature.asc
Description: OpenPGP digital signature
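
An added illustration of the point quoted above, not code from any poster in this thread: the TLS-side name check passes for the name that was actually dialled, so a separate comparison against the names the user means is what flags nan0g.org. The function names, the fold table and the sample certificate names are assumptions constructed for this example.

```python
import unicodedata

# Illustrative digit-for-letter folds (assumption: not a complete confusables table).
FOLDS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def cert_matches(host, san_names):
    """The TLS-side check: is the name we connected to listed in the certificate?"""
    host = host.lower().rstrip(".")
    for san in (s.lower() for s in san_names):
        if san == host:
            return True
        # A wildcard covers exactly one left-most label.
        if san.startswith("*.") and host.partition(".")[2] == san[2:]:
            return True
    return False

def skeleton(host):
    """Fold case, accents and common look-alike characters to one form."""
    text = unicodedata.normalize("NFKD", host.lower().rstrip("."))
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(FOLDS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, to catch one-character typos the folds miss."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, san_names, expected):
    """Return (tls_ok, verdict); verdict compares host with the names the user means."""
    tls_ok = cert_matches(host, san_names)
    name = host.lower().rstrip(".")
    if name in expected:
        return tls_ok, "expected"
    for good in expected:
        if skeleton(name) == skeleton(good) or edit_distance(name, good) == 1:
            return tls_ok, "lookalike of " + good
    return tls_ok, "unknown"

# Constructed sample: the certificate is valid for the name that was dialled.
EXPECTED = ["nanog.org"]
print(classify("nan0g.org", ["nan0g.org"], EXPECTED))
```

The first element of the result is what the padlock reflects; only the second element says anything about whether the name is the one the user intended.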

