On 02/10/2011 08:51 PM, From Stephen Schultze:
As I have said repeatedly (and you have never addressed) the CA DV model relies on DNS and thus imports any vulnerabilities that exist in a DNS-based model. CA DV blindly trusts DNS.
That's exactly your mistake, you are not correct.
The only thing it can do relative to a pure-DNS approach is add more vulnerabilities.
Absolutely not - another mistake. Performing a validation check is only one part of the story and DNSSEC *might* help to improve that part, that's all what me concerns. As mentioned there is more into it, even if you deny it.
I'm not ranting against you. I'm trying to focus the discussion on actual claims and verifiable facts.
Good. -- Regards Signer: Eddy Nigg, StartCom Ltd. XMPP: start...@startcom.org Blog: http://blog.startcom.org/ Twitter: http://twitter.com/eddy_nigg -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
