On Wed, 2020-04-15 at 10:02 -0500, Michael Catanzaro wrote:
> On Wed, Apr 15, 2020 at 1:38 pm, Florian Weimer <fweimer@xxxxxxxxxx>
> wrote:
> > Not sure if that's compatible with the new split DNS model because
> > VPN1
> > could simply start pushing longer names in the scope of VPN2, thus
> > hijacking internal traffic there (and this sort of hijacking is
> > exactly
> > what a DNS sinkhole against typosquatting would need).
>
> You deserve bonus points for thinking like an attacker and exploring
> the security model, but let's assume the configured VPNs are
> trusted.
> Otherwise the user is screwed no matter what. ;)
Trusted for what? I would expect corporate VPNs doing such tricks to
monitor the user's internet traffic. Which does not mean the user is
fully screwed with such VPN if he for example uses hardcoded
configuration of a caching nameserver.
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
