[dnssec-deployment] DNSSEC and certificates.
doug.barton at icann.org
Sat Jan 22 16:10:06 EST 2005
The attack vector I'm most concerned about is the one where the attacker
obtains a valid certificate, and then spoofs DNS to direct traffic to his
bogus site. There is no way for the average user to protect themselves
against this attack.
Vectors for obtaining a valid cert are many, a disgruntled former employee,
cracking a poorly protected web server, CA error (e.g., the microsoft case
with VeriSign a while back), etc. etc.
General Manager, The Internet Assigned Numbers Authority
More information about the Dnssec-deployment