On Tue, Mar 05, 2013 at 06:29:26PM +0000, Viktor Dukhovni wrote: > Lemma. If the attacker has compomised the DNS to the extent that > he can sign new RRsets that the domain owner never signed, he wins, > whether the client checks names or not.
If the attacker actually has control of the domain, all bets are off. I fail to see how this is an interesting case. A -- Andrew Sullivan [email protected] _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
