[dns-operations] Massive DNS poisoning attacks in Brazil

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Oct 2 20:49:29 UTC 2012

On Tue, Oct 02, 2012 at 08:34:36PM +0000,
 Paul Vixie <paul at redbarn.org> wrote 
 a message of 19 lines which said:

> i don't think so. too many middleboxes unpack the tcp/443 stream using a
> wildcard certificate, 

??? If you are on a network where the router/proxy/middlebox managed
to obtain a wildcard certificate from a CA you trust (is there a CA
which seels that?), you're toasted anyway. DNSSEC is useless because
the middlebox can hack you at will.

More information about the dns-operations mailing list