[dns-operations] using DNSSEC to mitigate domain hijacking via the registrar channel
Marco Davids (SIDN)
marco.davids at sidn.nl
Sun Oct 13 07:26:22 UTC 2013

On 10/10/13 7:34 PM, Jim Reid wrote:
> On 10 Oct 2013, at 16:43, Dan York <york at isoc.org> wrote:
>
>> there's nothing that DNSSEC or anything else could have done here
>
> Perhaps that's the case for the incidents you described Dan.
>
> Some sort of token which identifies the EPP transaction could be given a name and entered into the zone that's getting redelegated or whatever. That RR would need to be signed.

Interesting thought, but I don't know, Jim. Sounds like some kind of
circular dependency to me?

For instance, what would happen if the registrar uploaded the wrong
DNSKEY/DS to the parent and wanted to correct that? Would be impossible,
because validation is broken at that time?

--
Marco