this post was submitted on 21 Jul 2023
1433 points (98.9% liked)

Technology

59402 readers
2934 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] db2@lemmy.one 141 points 1 year ago (20 children)

This brings a disturbing thought to mind.. if an instance domain name like foo.bar lapses and someone else snaps the domain up (or of it gets stolen) can the new controller plop Lemmy on a server and be instantly federated? If so what kind of damage could they do?

[–] lolcatnip@reddthat.com 62 points 1 year ago (4 children)

This is why you don't let your domain registration lapse. It's not the only way computers on the internet verify each other's identity, but a hell of a lot of internet security features are based around domain names, so keeping yours functioning is a very big deal.

[–] baascus@lemmy.world 67 points 1 year ago (3 children)

Domain registration ≠ internet security. Root of trust is in cryptographic keys, not domains. DNS is not the security cornerstone you make it out to be. PKI says hi!

[–] mle86@feddit.de 8 points 1 year ago

Yes, but it is very quick and cheap to get a domain validated cert from a CA that is generally trusted by most web browsers, so once the bad actor has the domain, the should be able to trick most users, only maybe certificate pinning might help, but that is not widely used.

load more comments (2 replies)
load more comments (2 replies)
load more comments (17 replies)