vitaly
Thomas H. PtacekDNSSEC takes Sumologic down. The death toll mounts. https://status.sumologic.com/pages/incident/5ea1c7ba3f2f1604b93ca38e/645f0e8e6366b905395af6b9
Cassandrich@tqbf I love how everyone complains and blames cryptography for doing exactly what it's supposed to in cases like this.
@dalias Not sure what this has to do with cryptography. It's DNSSEC, there's barely any cryptography involved.
@tqbf Um, there's signing keys and an explicit instruction to disregard any data not signed by those keys. Then they went and changed keys without performing any rollover process. So of course the new data will be treated as forged. As intended.
@tqbf Probably involved garbage hosting providers controlling keys. Something something "not your key, not your apes^H^H^H^HRRs"
@tqbf Yet another reason I'm glad I switched to the Quad9 DNS servers that don't do DNSSEC validation.