Re: [ietf] DNS spoofing at captive portals

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It will be interesting to see what will happen to these "services" when DNSSEC is used more widely.

Plan A: few consumers will use DNSSEC between their PCs and the ISP's resolver, so they won't notice.

Plan B: consumers will observe that malicious impersonation of far away DNS servers is rare and exotic, but malware spam arrives hourly, so they will make a rational tradeoff, take their ISP's advice, and turn off DNSSEC.

Malware that infects browsers and rewrites bank transactions on the fly is a huge problem, particularly in Europe, and requires no DNS funny business at all. We can certainly imagine attacks that depend on DNS poisoning, but any tradeoff that makes it easier to get infected by malware is, for typical PC users, a foolish one.

Be careful what you ask for, and all that.

R's,
John
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]