On May 4, 2014, at 6:39 PM, Jeffrey Goldberg <[email protected]> wrote:
> On 2014-05-03, at 3:22 AM, <[email protected]> <[email protected]> wrote: > >> Frankly, if we could "trust" in DNS, we would not need to "trust" in >> web-PKIX [2] - since the one is just the bandaid for the other. > > Have you forgotten that routing can be subverted? > > Just because you are talking to the right IP address doesn’t mean > you are talking the right host. That is why signatures exist. With DNSChain and DNSCrypt, for example, you will know whether you're talking to the right host, and no IP-based routing or filtering can affect that. Cheers, Greg -- Please do not email me anything that you are not comfortable also sharing with the NSA.
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
