[Cryptography] Sonic.net implements DNSSEC, performs MITM against customers. Are they legally liable?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sat Oct 11 04:24:54 EDT 2014
Bear <bear at sonic.net> writes:
>Sonic implemented and deployed DNSSEC - and put it on their shiny new servers
>along with an 'RBZ service' that censors supposed malware and phishing sites.
>And while they told their customers about DNSSEC, they didn't mention the
>'RBZ service.'
So just to make sure I'm getting this right, Sonic are sending out DNSSEC-
authenticated but invalid/spoofed/however you want to label them DNS
responses? As you say, the very thing that DNSSEC was designed to prevent?
Peter.
More information about the cryptography
mailing list