From mboxrd@z Thu Jan  1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To: <e501cce65dc902858110bb028ab5314c@ladd.quanstro.net>
References: <4B57048D.6040002@maht0x0r.net>
	 <4f34febc1001231559s3ffb6037o2a193bf4689b961@mail.gmail.com>
	 <eeae7618fa33fc4dd4519a70b4ed354f@ladd.quanstro.net>
	 <dd6fe68a1001231652sbc2692bh75559cf7cca58ef6@mail.gmail.com>
	 <8094c7f53bad7b2e0bed09ec4bfd41dc@ladd.quanstro.net>
	 <dd6fe68a1001231711u6157bbdcv42c564722749b9de@mail.gmail.com>
	 <40f353c957e2ac20128c149f8bb178aa@ladd.quanstro.net>
	 <f4d8fa41001240519n5898a98cv26d100ad779415e1@mail.gmail.com>
	 <e501cce65dc902858110bb028ab5314c@ladd.quanstro.net>
Date: Sun, 24 Jan 2010 13:49:30 -0800
Message-ID: <dd6fe68a1001241349t5584fecaj10d646547a4c56ce@mail.gmail.com>
Subject: Re: [9fans] Are we ready for DNSSEC ?
From: Russ Cox <rsc@swtch.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: text/plain; charset=UTF-8
Topicbox-Message-UUID: c63a6912-ead5-11e9-9d60-3106f5b1d025

you are changing the topic.

your original mail claimed to be worried
about man-in-the-middle attacks.  that means
the attacker can respond to arbitrary traffic;
the fact that you can verify the dns response
is irrelevant if when you try to connect to the
correct ip address the attacker handles it
and you don't take advantage of ssl certificates
to catch that.

russ