On 25/01/2014 7:39 PM, Emmanuel Thierry wrote: > Then DNSSEC appeared ! :)
I wish it was that simple .... I don't believe it is today, but one day it will have to be the standard. > I remind you it is really difficult to compromise DNS zones protected by > DNSSEC, even if you have control on root DNS servers (they probably have it) > and the knowledge of the complete root DNS key (they likely don't have it). > > There is no point in considering DNS as compromised, since it would be much > easier (and as difficult to hide) to subvert IP routing. By the way if you > succeeded in redirecting DNS traffic to your box, you probably have the power > of redirecting all the traffic to your box. It is technically very easy to compromise DNS for many people. It often surprises me that people don't question absolutely whether or not a webpage is legitimate, they almost always take it on faith unless there is something very obviously wrong and even then the person will take some convincing (especially the lesser educated on these matters). Kind Regards AndrewM -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/52e5544a.4070...@affinityvision.com.au
