https://bz.apache.org/bugzilla/show_bug.cgi?id=59754
--- Comment #1 from Christopher Schultz <ch...@christopherschultz.net> --- I remember hearing about this. I have no objection to anyone else working on this, but it's a terrible design: it's trying to solve the problem of not using DNSSEC by essentially re-implementing DNSSEC with the notable problem of being trust-on-first-use (TOFU). So it's completely useless from a security perspective. You can still be owned: you just have to be owned early. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org