1
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 20 Jun 2023
1 points (100.0% liked)
Asklemmy
43750 readers
1240 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
"Small one" is very wrong here. This is by far the largest gaping security hole in the whole specification.
Since when is stealing a domain name easy? If it would be then google.com would redirect to another scam site every five minutes.
The only way you're going to steal a domain is if the owner stops paying for it.
If you steal gmail.com you could impersonate anyone with a gmail email address. How is that an argument?
You either social engineer the needed data or hack the domain owner and change the Admin-C or Tech-C and then either directly or by request change the IP for that domain. You could also bribe some one working there or someone who works for the registrar or somehow gain access to the mail account of Admin-C or Tech-C.
https://www.hackingloops.com/domain-hijacking-how-to-hijack-domain-names/
You could also try to poison the instance’s DNS cache so the domain in question is resolved to an IP where the server is under your control.
https://en.wikipedia.org/wiki/DNS_hijacking
You could also register domain names that are either unpaid for whatever reason and thus marked as in transit and if the transit period is over you just claim the address.
https://en.wikipedia.org/wiki/Domain_drop_catching
And since you mentioned google.com:
https://money.cnn.com/2016/01/29/technology/google-domain-purchase/index.html
To recite @fubo@lemmy.world: Depending on DNS for security is generally a bad idea.
Sure, but if you lose your domain you already lost. That's it, game over.
I do agree it would make sense to issue every Lemmy instance and every user an asymmetric key pair they can sign against, just for extra security. But that might also break things because instances per domain are no longer unique. You can have lemmy.ml@publickey1 and then lemmy.ml@publickey2 and then lemmy.ml@publickey3 and so on. It would be an absolute mess.
This doesn't even have to be an attack. A new instance owner might decide to re-setup their instance and nuke everything or they simply lost the data. Or on a faulty Lemmy update things break and the private key gets regenerated or jumbled up. Especially right now in the early stages of this platform where things are bound to go wrong you don't want to accidentally nuke an entire instance.
What do you do then if a legitimate owner sets up the instance under the same domain again?
Besides that, if an instance really gets removed (which basically happens if someone takes over the domain, they don't have access to the instance data itself) other instances can simply defederate in an emergency. Though the only damage would be moderator accounts on other instances. The content is dead the moment the instance dies anyway (there just isn't a mechanism yet to clean it up if there is no delete events being sent, but that will probably come).