Re: Security for various IETF services

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Apr 11, 2014 at 10:32:31AM +1000, Mark Andrews wrote:
> No quite the same.  A CA could issue a cert without any checking
> for any domain.  Here you need to be the registrar of record to add
> records to the registry.  Also a registry can only add records for
> the namespace it manages not any arbitary name.
> 
> So to get a bad DS added you need to be a corrupt registry or a
> corrupt employee of registry or you need to compromise the registrants
> credentials or you need to succeed in transfering the zone to you.

Or you have to be the corrupt registry operator or an employee for the
registry operator (i.e., Verisign for the .com domain)....

    	 	       		    	- Ted





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]