On Feb 24, 2014, at 10:28 AM, DTNX Postmaster <[email protected]> wrote:
> I've been wondering whether DNSSEC would provide any mitigation for
> such an attack, if there is a validating resolver between me and the
> attacker?

Not in this case. The Apple bug allows an MITM to use the real certificate for the attacked site, while simply making up a private key. Paul W's incorrect answer assumes a bug where the MITM needs to have a valid certificate. That is the most common case, but not the one relevant here; the Apple bug allowed a certificate for which the private key didn't match.

--Paul Hoffman
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
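The distinction drawn in the reply above, as an added example that is not part of the original message: a toy client model showing why a DNSSEC-published certificate pin catches an MITM who presents a different certificate, but not one who replays the real certificate without holding its private key. It assumes the DNSSEC protection is a DANE-style TLSA pin and uses textbook RSA over Mersenne primes as a stand-in for real signatures; all names and values are constructed.

```python
import hashlib

def make_key(p, q, e=65537):
    # Textbook RSA from two primes (no padding): illustration only.
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def _m(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_m(data, key["n"]), key["d"], key["n"])

def verify(cert, data, sig):
    # Check sig against the public key carried in the certificate.
    return pow(sig, cert["e"], cert["n"]) == _m(data, cert["n"])

def make_cert(name, key):
    # Constructed stand-in for X.509: a name bound to a public key.
    return {"name": name, "n": key["n"], "e": key["e"]}

def tlsa_pin(cert):
    # Assumed DANE-style record: hash of the certificate, served via DNSSEC.
    return hashlib.sha256(f'{cert["name"]}|{cert["n"]}|{cert["e"]}'.encode()).hexdigest()

def client_accepts(cert, kx_params, kx_sig, pin, checks_kx_signature):
    if tlsa_pin(cert) != pin:
        return False          # certificate is not the one published in DNS
    if checks_kx_signature and not verify(cert, kx_params, kx_sig):
        return False          # peer does not hold the certificate's private key
    return True

# Constructed keys from Mersenne primes; names are hypothetical.
SITE_KEY = make_key(2**61 - 1, 2**89 - 1)
MITM_KEY = make_key(2**31 - 1, 2**107 - 1)
SITE_CERT = make_cert("www.example.com", SITE_KEY)
MITM_CERT = make_cert("www.example.com", MITM_KEY)
PIN = tlsa_pin(SITE_CERT)
PARAMS = b"constructed key-exchange parameters"

def outcomes(checks_kx_signature):
    cases = {
        "site": (SITE_CERT, sign(SITE_KEY, PARAMS)),
        "mitm_own_cert": (MITM_CERT, sign(MITM_KEY, PARAMS)),
        "mitm_real_cert": (SITE_CERT, sign(MITM_KEY, PARAMS)),
    }
    return {k: client_accepts(c, PARAMS, s, PIN, checks_kx_signature)
            for k, (c, s) in cases.items()}

if __name__ == "__main__":
    print("signature check skipped:", outcomes(False))
    print("signature check enforced:", outcomes(True))
```

With the signature check skipped, the pin still rejects `mitm_own_cert` but accepts `mitm_real_cert`; only enforcing the key-exchange signature check rejects the latter.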
