> On Jan 23, 2015, at 1:05 PM, Poul-Henning Kamp <[email protected]> wrote: > > The CRC protects against the common risks (lying DNS resolvers), we > don't need more than that.
The CRC shows that you have internally consistent data. It really only catches DNS servers that tell lies for the purpose of redirecting traffic. It wouldn’t catch a crafty DNS server that was telling a coherent lie for nefarious purposes. Warner _______________________________________________ LEAPSECS mailing list [email protected] https://pairlist6.pair.net/mailman/listinfo/leapsecs
