On Sep 11, 2011, at 9:25 AM, Thierry Moreau wrote:
>
> E.g. http://datatracker.ietf.org/wg/dane/ (DNS-based Authentication of Named
> Entities (dane))

Which makes a huge assumption about DNSSEC that is just not realistic. Namely, the one I just mentioned, that end clients would actually be validating. Meaning that the MITM I mentioned becomes hilariously effective in the vast majority of scenarios where the clients themselves are not doing the validating. Giving a nice illusion of additional verification with no substance.
_______________________________________________
cryptography mailing list
http://lists.randombit.net/mailman/listinfo/cryptography
