[dns-operations] FW: [IP] Sonic.net implements DNSSEC, performs MITM
Livingood, Jason
Jason_Livingood at cable.comcast.com
Fri Oct 10 20:09:59 UTC 2014
Noticed this on another list. It made me wonder if it was worth resurrecting & trying to publish this old individual I-D, which contained recommendations for opt-in and opt-out, among other things that would have been useful in this case.
Old drafts:
http://tools.ietf.org/html/draft-livingood-dns-malwareprotect-02
http://tools.ietf.org/html/draft-livingood-dns-redirect-03
- Jason Livingood
On 10/10/14, 2:33 PM, "Dave Farber via ip" <ip at listbox.com<mailto:ip at listbox.com>> wrote:
---------- Forwarded message ----------
From: "Lauren Weinstein" <lauren at vortex.com<mailto:lauren at vortex.com>>
Date: Oct 10, 2014 2:04 PM
Subject: [ NNSquad ] "Sonic.net implements DNSSEC, performs MITM against customers. Are they legally liable?"
To: <nnsquad at nnsquad.org<mailto:nnsquad at nnsquad.org>>
Cc:
"Sonic.net implements DNSSEC, performs MITM against customers. Are they
legally liable?"
(Gname): http://permalink.gmane.org/gmane.comp.encryption.general/21150
> Sonic implemented and deployed DNSSEC - and put it on their shiny
> new servers along with an 'RBZ service' that censors supposed malware
> and phishing sites. And while they told their customers about
> DNSSEC, they didn't mention the 'RBZ service.'
>
> They didn't get prior informed consent from their customers. In fact
> they didn't inform their customers, beyond quietly putting up a few
> mentions on webpages their customers normally have no reason to look
> at.
>
> They didn't provide a click-through link enabling customers to get the
> content anyway.
>
> And they diverted traffic to a page that does not mention who is doing
> the diversion, how, or why, or how to opt out.
...
> Black hats immediately found a way to get sites they dislike onto
> the list of supposed malware and phishing sites.
>
> Among the blocked sites:
> Local democratic party campaigners (first post).
>
> Financial services and markets - at a crucial time. (page 4).
>
> Software development sites (apparently some devs use the same
> utility network libraries used by malware devs, so the
> unknown-because-todays-compilation executables have code
> in common with known malware and aren't on the whitelist...)
- - -
--Lauren--
Lauren Weinstein (lauren at vortex.com<mailto:lauren at vortex.com>): http://www.vortex.com/lauren
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
I am a consultant to Google -- I speak only for myself, not for them.
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800<tel:%2B1%20%28818%29%20225-2800> / Skype: vortex.com<http://vortex.com>
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad
Archives<https://www.listbox.com/member/archive/247/=now>[https://www.listbox.com/images/feed-icon-10x10.jpg]<https://www.listbox.com/member/archive/rss/247/11628208-43aa1cd2> | Modify<https://www.listbox.com/member/?member_id=11628208&id_secret=11628208-20874b84> Your Subscription | Unsubscribe Now<https://www.listbox.com/unsubscribe/?member_id=11628208&id_secret=11628208-33eb44fc&post_id=20141010143359:FDB071EE-50AB-11E4-9334-B5E9EBE6CC05> [https://www.listbox.com/images/listbox-logo-small.png] <http://www.listbox.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20141010/04570978/attachment.html>
More information about the dns-operations
mailing list