[dns-operations] why does that domain resolve?
vladimir.cunat+ietf at nic.cz
Sat Jun 5 13:27:50 UTC 2021
On 05/06/2021 13.11, A. Schulze wrote:
> Is "being client centric" a candidate for a "dns-flag-day-2022"?
> Consider .com like to intercept gmail.com. Changing the delegation in .com would be enough. Really?
The parent has full control of its subtree anyway. They can even roll
the DNSSEC key of the child to anything. Getting a TLS cert for "big
names" will be hard without causing alarm, though (e.g. cert.
transparency)... and you'd surely need that to intercept e-mail towards
Recent discussion threads I see as related were around these two proposals:
More information about the dns-operations