Gervase Markham wrote, On 2008-08-22 02:17:
> Eddy Nigg wrote:
>> Well, I don't agree with the statements above. It really depends what
>> kind of DNS attack it is and how prepared the CA is and what the CA does
>> about it.
>
> Exactly my point. If the CA's DNS is secure, the EV system is safe.

And, of course, the statement "CA's DNS is secure" means more than just "the CA's DNS server is patched". It also means: "every DNS server on which the CA's DNS server relies in the course of resolving external DNS records must also be patched".

It's not clear to me that ANY CA can truthfully claim to be immune to all DNS attacks for all domains.