If an attacker can spoof DNS, they can just create A records that point to their... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

sbierwagen on Nov 21, 2014 | parent | context | favorite | on: Let's Encrypt: How It Works

If an attacker can spoof DNS, they can just create A records that point to their own server, and MITM from that.

Public key pinning would protect against that class of attacks: https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinn...

stavros on Nov 21, 2014 [–]

Whose DNS layer? If they own the user's, no. If they own the server's, maybe, if they could convince the CA to sign a certificate they control. Otherwise, they couldn't really do anything.

Consider applying for YC's W25 batch! Applications are open till Nov 12.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact