[dns-operations] Massive DNS poisoning attacks in Brazil
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Oct 2 20:49:29 UTC 2012
On Tue, Oct 02, 2012 at 08:34:36PM +0000,
Paul Vixie <paul at redbarn.org> wrote
a message of 19 lines which said:
> i don't think so. too many middleboxes unpack the tcp/443 stream using a
> wildcard certificate,
??? If you are on a network where the router/proxy/middlebox managed
to obtain a wildcard certificate from a CA you trust (is there a CA
which sells that?), you're toasted anyway. DNSSEC is useless because
the middlebox can hack you at will.