• finn@lemmy.world
    link
    fedilink
    English
    arrow-up
    70
    arrow-down
    3
    ·
    1 year ago

    Domain registration ≠ internet security. Root of trust is in cryptographic keys, not domains. DNS is not the security cornerstone you make it out to be. PKI says hi!

    • redcalcium@c.calciumlabs.com
      link
      fedilink
      English
      arrow-up
      22
      ·
      1 year ago

      Consider how many system relies on being able to send you an email for verifying your login and performing password reset. Those who have control over your email address domain can trigger password reset for most of online services out there. Imagine if Google forgot to renew gmail.com and it falls to a wrong hands.

    • mle@feddit.de
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      Yes, but it is very quick and cheap to get a domain validated cert from a CA that is generally trusted by most web browsers, so once the bad actor has the domain, the should be able to trick most users, only maybe certificate pinning might help, but that is not widely used.

    • lolcatnip@reddthat.com
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Email is tied to domains. TLS is tied to domains. CORS is tied to domains. OAuth is tied to domains. Those are just four things I can think of while half asleep. Here’s one recent example of how screwing up a domain name is enough by itself to cause a security breach.

      Cryptography is not security any more than domain names are; both are facets of how security is implemented but there’s no one system that makes the Internet secure.