From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 In-Reply-To: <40f353c957e2ac20128c149f8bb178aa@ladd.quanstro.net> References: <4B57048D.6040002@maht0x0r.net> <4f34febc1001231559s3ffb6037o2a193bf4689b961@mail.gmail.com> <8094c7f53bad7b2e0bed09ec4bfd41dc@ladd.quanstro.net> <40f353c957e2ac20128c149f8bb178aa@ladd.quanstro.net> Date: Sun, 24 Jan 2010 14:19:33 +0100 Message-ID: From: hiro <23hiro@googlemail.com> To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [9fans] Are we ready for DNSSEC ? Topicbox-Message-UUID: c5d35f38-ead5-11e9-9d60-3106f5b1d025 so you need to have a more "secure" dns because you don't trust your ssl? On Sun, Jan 24, 2010 at 2:18 AM, erik quanstrom wro= te: >> > doesn't work with the recent renegotiation bug. >> >> disable renegotiation. >> >> > but i don't >> > think one can dismiss dns as a non-issue. >> >> dns is a non-issue if the rest of ssl is working. >> dns is irrelevant if it isn't. > > the renegotiation bug is a protocol flaw. =C2=A0i'm > not so sure i trust ssl enough to decide i don't > care of dns gets hijacked. > > - erik > >