It will be interesting to see what will happen to these "services" when DNSSEC
is used more widely.
Plan A: few consumers will use DNSSEC between their PCs and the ISP's
resolver, so they won't notice.
Plan B: consumers will observe that malicious impersonation of far away
DNS servers is rare and exotic, but malware spam arrives hourly, so they
will make a rational tradeoff, take their ISP's advice, and turn off
DNSSEC.
Malware that infects browsers and rewrites bank transactions on the fly is
a huge problem, particularly in Europe, and requires no DNS funny business
at all. We can certainly imagine attacks that depend on DNS poisoning,
but any tradeoff that makes it easier to get infected by malware is, for
typical PC users, a foolish one.
Be careful what you ask for, and all that.
R's,
John
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf