[Cryptography] Sonic.net implements DNSSEC, performs MITM against customers. Are they legally liable?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Oct 11 04:24:54 EDT 2014

Bear <bear at sonic.net> writes:

>Sonic implemented and deployed DNSSEC - and put it on their shiny new servers
>along with an 'RBZ service' that censors supposed malware and phishing sites.
>And while they told their customers about DNSSEC, they didn't mention the
>'RBZ service.'

So just to make sure I'm getting this right, Sonic are sending out DNSSEC-
authenticated but invalid/spoofed/however you want to label them DNS
responses?  As you say, the very thing that DNSSEC was designed to prevent?


More information about the cryptography mailing list