From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Sun, 24 Jan 2010 12:12:53 -1000 From: Tim Newsham To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> In-Reply-To: Message-ID: References: <4B57048D.6040002@maht0x0r.net> <4f34febc1001231559s3ffb6037o2a193bf4689b961@mail.gmail.com> <8094c7f53bad7b2e0bed09ec4bfd41dc@ladd.quanstro.net> <40f353c957e2ac20128c149f8bb178aa@ladd.quanstro.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: Re: [9fans] Are we ready for DNSSEC ? Topicbox-Message-UUID: c6476752-ead5-11e9-9d60-3106f5b1d025 > you are changing the topic. > > your original mail claimed to be worried > about man-in-the-middle attacks. that means > the attacker can respond to arbitrary traffic; > the fact that you can verify the dns response > is irrelevant if when you try to connect to the > correct ip address the attacker handles it > and you don't take advantage of ssl certificates > to catch that. True, unless DNS provides a certificate that is bound to the session in some way. > russ Tim Newsham | www.thenewsh.com/~newsham | thenewsh.blogspot.com