[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: NSA software in Debian

On 25/01/2014 7:39 PM, Emmanuel Thierry wrote:
> Then DNSSEC appeared ! :)

I wish it was that simple .... I don't believe it is today, but one day
it will have to be the standard.

> I remind you it is really difficult to compromise DNS zones protected by DNSSEC, even if you have control on root DNS servers (they probably have it) and the knowledge of the complete root DNS key (they likely don't have it).
> 
> There is no point in considering DNS as compromised, since it would be much easier (and as difficult to hide) to subvert IP routing. By the way if you succeeded in redirecting DNS traffic to your box, you probably have the power of redirecting all the traffic to your box.

It is technically very easy to compromise DNS for many people.  It often
surprises me that people don't question absolutely whether or not a
webpage is legitimate, they almost always take it on faith unless there
is something very obviously wrong and even then the person will take
some convincing (especially the lesser educated on these matters).

Kind Regards
AndrewM
Reply to: