Re: [DNSOP] [Ext] Re: Resolver behaviour with multiple trust anchors

Philip Homburg <pch-dnsop-2@u-1.phicoh.com> Thu, 02 November 2017 10:15 UTC

Message-Id: <m1eACWS-0000ElC@stereo.hq.phicoh.net>
To: dnsop@ietf.org
Cc: Edward Lewis <edward.lewis@icann.org>
From: Philip Homburg <pch-dnsop-2@u-1.phicoh.com>
Sender: pch-bCE2691D2@u-1.phicoh.com
References: <121CDBC2-D68C-48EE-A56E-46C61FC21538@sidn.nl> <CAN6NTqxy4SWxsUNZyBA=1TZxdhWtVxaTDYLoA1qO2nKf202g9w@mail.gmail.com> <20171101121730.esajuad5cefebtgg@vic20.blipp.com> <B2622241-C3C6-496B-96C6-6A9FB2DC9926@icann.org>
In-reply-to: Your message of "Wed, 1 Nov 2017 13:48:02 +0000 ." <B2622241-C3C6-496B-96C6-6A9FB2DC9926@icann.org>
Date: Thu, 02 Nov 2017 11:14:49 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/iOay5-EUl77VOl-GxNl_o9UIGW0>
Subject: Re: [DNSOP] [Ext] Re: Resolver behaviour with multiple trust anchors

>Are there cases of "corrupted" registries that make the threat of "stolen zones" a
>real thing?

I think the most well-known example is the US government taking the .org domain
of Rojadirecta.

https://torrentfreak.com/u-s-returns-seized-domains-to-streaming-links-site-after-18-months-120830/

There were two issues in this case: for any organisation outside the US, using
a domain with a registry in the US is risky, because the US government assumes
jurisdiction, even if the company itself doesn't do any business in the US.

The second issue is that the domain was seized by the executive branch. And
not just blocked, but actually redirected to servers of the US government.