From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <4B5E02E0.9040000@authentrus.com>
Date: Mon, 25 Jan 2010 15:45:20 -0500
From: Wes Kussmaul <wes@authentrus.com>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
References: <4B57048D.6040002@maht0x0r.net>	<4f34febc1001231559s3ffb6037o2a193bf4689b961@mail.gmail.com>	<eeae7618fa33fc4dd4519a70b4ed354f@ladd.quanstro.net>	<dd6fe68a1001231652sbc2692bh75559cf7cca58ef6@mail.gmail.com>	<8094c7f53bad7b2e0bed09ec4bfd41dc@ladd.quanstro.net>	<dd6fe68a1001231711u6157bbdcv42c564722749b9de@mail.gmail.com>
	<Pine.BSI.4.64.1001240810080.5454@malasada.lava.net>
In-Reply-To: <Pine.BSI.4.64.1001240810080.5454@malasada.lava.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] Are we ready for DNSSEC ?
Topicbox-Message-UUID: c77c865c-ead5-11e9-9d60-3106f5b1d025

Tim Newsham wrote:
>> dns is a non-issue if the rest of ssl is working.
>> dns is irrelevant if it isn't.
>
> Except when SSL has chinks in its armor.  Like incidents of
> certificate authorities being convinced to give out certs for
> domains that don't belong to the requestor.

http://instigations.com/fudili/certsetc.html (scroll down)