In article <[email protected]> you write: >On 2014-05-03, at 3:22 AM, <[email protected]> <[email protected]> wrote: > >> Frankly, if we could "trust" in DNS, we would not need to "trust" in >> web-PKIX [2] - since the one is just the bandaid for the other. > >Have you forgotten that routing can be subverted? > >Just because you are talking to the right IP address doesn�t mean >you are talking the right host.
Sure, but if the cert it presents has the hash in the DNSSEC signed DANE record, it does. R's, John
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
