From mboxrd@z Thu Jan  1 00:00:00 1970
From: erik quanstrom <quanstro@quanstro.net>
Date: Sat, 23 Jan 2010 20:18:40 -0500
To: 9fans@9fans.net
Message-ID: <40f353c957e2ac20128c149f8bb178aa@ladd.quanstro.net>
In-Reply-To: <dd6fe68a1001231711u6157bbdcv42c564722749b9de@mail.gmail.com>
References: <4B57048D.6040002@maht0x0r.net>
	<4f34febc1001231559s3ffb6037o2a193bf4689b961@mail.gmail.com>
	<eeae7618fa33fc4dd4519a70b4ed354f@ladd.quanstro.net>
	<dd6fe68a1001231652sbc2692bh75559cf7cca58ef6@mail.gmail.com>
	<8094c7f53bad7b2e0bed09ec4bfd41dc@ladd.quanstro.net>
	<dd6fe68a1001231711u6157bbdcv42c564722749b9de@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] Are we ready for DNSSEC ?
Topicbox-Message-UUID: c5b8632c-ead5-11e9-9d60-3106f5b1d025

> > doesn't work with the recent renegotiation bug.
>
> disable renegotiation.
>
> > but i don't
> > think one can dismiss dns as a non-issue.
>
> dns is a non-issue if the rest of ssl is working.
> dns is irrelevant if it isn't.

the renegotiation bug is a protocol flaw.  i'm
not so sure i trust ssl enough to decide i don't
care of dns gets hijacked.

- erik