This DNS over HTTP thing
- Subject: This DNS over HTTP thing
- From: jan at philippi.pw (Jan Philippi)
- Date: Wed, 2 Oct 2019 12:01:14 +0200
- In-reply-to: <33451.1570009557@turing-police>
- References: <[email protected]> <33451.1570009557@turing-police>
The thing is: People were conditioned for years to look for the padlock,
because padlock means secure.
How will we ever get this out of their minds?
Jan
SMTP: jan at philippi.pw
XMPP: jan at himbeere.pw
GPG: 45F3 2DF0 4D55 C4B4 2083 14C5 5727 D54F *E4E2 2A3C*
On 02.10.19 at 11:45, Valdis Klētnieks wrote:
> On Wed, 02 Oct 2019 01:55:13 -0600, "Keith Medcalf" said:
>
>> It is a common fallacy that TLS connections are authenticated. The vast
>> majority of them are not authenticated in any meaningful fashion and all that
>> can be said about TLS is that it provides an encrypted connection between the
>> two communicating applications. This is perhaps why it is called *transport*
>> layer security ...
>
> Another major disconnect is that TLS validates the hostname that the browser
> decided to connect to, not the host you thought you were connecting to..
>
> The end result is that if a phish directs you to nan0g.org, it can still show a
> padlock and the user is none the wiser....
>