[144512] in North American Network Operators' Group
Re: Why are we still using the CA model? (Re: Microsoft deems all
daemon@ATHENA.MIT.EDU (Marcus Reid)
Mon Sep 12 18:18:16 2011
Date: Mon, 12 Sep 2011 22:16:45 +0000
From: Marcus Reid <marcus@blazingdot.com>
To: Tony Finch <dot@dotat.at>
In-Reply-To: <alpine.LSU.2.00.1109122253100.24644@hermes-2.csi.cam.ac.uk>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Sep 12, 2011 at 11:00:47PM +0100, Tony Finch wrote:
> Note that a big weak point in the DNS is the interface between the
> registrars and the registry. If you have a domain you have to trust the
> registry to impose suitable restrictions on its registrars to prevent a
> dodgy registrar from stealing your domain. Another, of course, is the
> interface between a registrar and its customers.
Just in case anybody missed it, ups.com, theregister.co.uk, and others
were hijacked in this way last week.
http://www.theregister.co.uk/2011/09/05/dns_hijack_service_updated/
Marcus
