Comment by tptacek
4 hours ago
Zones get meaningfully hijacked all the time. It just doesn't happen through cache poisoning; it happens through phished registrar accounts.
Phishing existing isn't a good argument against cryptographically authenticating DNS records.
"Phishing existing" isn't the argument. "The dominant vector for actual domain takeover over the last 5 years is phishing" is.
But it also applies to every other part of the stack, including WebPKI. Would you accept this as a valid argument against using HTTPS everywhere?