Eddy Nigg wrote: > Because CAs (SHOULD) have controls in place to prevent that.
Well, of course. But if another vulnerability in DNS is discovered like the recent one, no amount of "controls" is going to help for the period during which the Internet remains unpatched (assuming it's fixable at all - the flaw might be by design). Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto