undefined | Better HN

0 pointsTerr_2y ago0 comments

Neither of those, although since you bring it up I'm curious how much a rogue ccTLD could substitute DNS records and produce alternate certificates to take over a domain beneath it.

Rather it's about end-user security habits, their credulity of arbitrary domains, and the mental load of noticing risks.

Imagine the IRS had an online payment portal, do you believe it should it be advertised as pay.irs.gov or as paymytaxes.com? (Or perhaps pay-my-taxes.com or pay.taxes.com is the real one?)

0 comments

1 comments · 1 top-level

toast02y ago

> Neither of those, although since you bring it up I'm curious how much a rogue ccTLD could substitute DNS records and produce alternate certificates to take over a domain beneath it.

The TLD can change domain records at will. Change the NS and DS records, and you control the domain. Control the domain, and you can get a certificate.

If the ccTLD is sophisticated, they might carefully target the changes, but maybe not.

It would be bad for business, for a TLD to become known to hijack customers' domains. But, maybe its worth it, if you can steal a bunch of US identities?

j / k navigate · click thread line to collapse