On 11/22/2014 5:33 AM, Bill Bogstad wrote:
You are conflating DNS and Certificate Authorities. When I look at the certificate used for www.microsoft.com, it appears to be signed by Symantec via Verisign. In any case, controlling someone's DNS is not the same thing as being able to sign an SSL certificate that will be accepted.
MarkMonitor is a trusted CA. If they generate a certificate for microsoft.com then your browser will trust it. MarkMonitor is authoritative for the microsoft.com domain. They can change all microsoft.com hosts to point to their servers and you will trust them because their DNSSEC signatures are good and valid.
-- Rich P. _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss