On 2/10/11 3:33 PM, Eddy Nigg wrote:
On 02/10/2011 08:51 PM, From Stephen Schultze:
As I have said repeatedly (and you have never addressed) the CA DV
model relies on DNS and thus imports any vulnerabilities that exist in
a DNS-based model. CA DV blindly trusts DNS.
That's exactly your mistake, you are not correct.
The only thing it can do relative to a pure-DNS approach is add more
vulnerabilities.
Absolutely not - another mistake. Performing a validation check is only
one part of the story and DNSSEC *might* help to improve that part,
that's all what me concerns. As mentioned there is more into it, even if
you deny it.
Until you actually explain why you think it's not correct that DV relies
on DNS, or what beyond domain validation that you think DV actually
does, there's really nothing to respond to.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
