On Thu, 2010-09-16 at 07:27 +0200, Martin Rex wrote: > Clearly unsafe operations: > > - building a reference identifier from the result of a > DNS CNAME lookup
> (the use of DNSSEC does not make this safe) Why not? I'm not saying it's good practice, but I don't see an actual vulnerability. I agree with everything else you said; nicely put. -- Matt _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
