--On 23 January 2010 04:56:33 +0000 Alex Bligh <[email protected]> wrote:
Having verifiable deniability for typo-squated domaims is very useful.
If expensive, where 99% of your domains are unsigned.
By which I mean expensive given this isn't the cheapest attack vector.
If I want to typo squat with a non-existent domain (and it's only
non-existent domains where verification of denial of existence is
an issue), I could just register the domain which would be far
more reliable than all the hocus pocus needed to get spoofing to
work. It's not that hard to get an SSL cert either. And if I
have got the technology to spoof, why not attack one of the 99%
unsigned domains in the zone, rather than an unregistered typo-squat
of a signed one, as the pickings will be far greater?
--
Alex Bligh
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
