Oh, and I'm sure we're taking patches for DNSSec support in Firefox.
Aren't we?
No, but its a good idea.
Yes, and actually, SSL goes much further than DNSsec. The latter is
good to prevent DNS spoofs and is much-needed, but it does nothing to
protect the content.
Actually, you could protect the content by storing a certificate in a
DNS record, couldn't you?
DNS being really insecure, what would the point be in storing the cert
in the DNS record? I realize this is how DomianKeys and SPF work, but
again, I have presented this to those folks as well, and to the openid
people. Anything that relies on DNS for security is forgetting that DNS
is REALLY insecure.
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
