Nelson Bolyard wrote: > On the other hand, it is possible that the domain validation was performed > but that it was deceived through the use of DNS attacks. In his slides > on the subject of DNS attacks, Dan Kaminsky did say that it was possible > to deceive domain validation through DNS attacks.
I think domain validation could be deceived using DNS attacks, but in this case this was apparently not necessary: http://www.networkworld.com/community/node/30822 "Michael started his talk by detailing how he was able to purchase a certificate from a major CA with a FQDN of an existing fortune 500 company’s website! How you ask is this possible, well when filling out the request form he simply checked the box that stated that the certificate was not going to be used on the internet and was for internal testing only." _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
