- From: Henrik Nordström <henrik@henriknordstrom.net>
- Date: Tue, 18 May 2010 01:14:59 +0200
- To: Michal Zalewski <lcamtuf@coredump.cx>
- Cc: "public-web-security@w3.org" <public-web-security@w3.org>
mån 2010-05-17 klockan 14:34 -0700 skrev Michal Zalewski: > This would make it difficult to enroll (requiring changing all certs). Which is something you do anyway fairly frequently (every year or so) > The first part is true also in the current model, if the user first > navigates to http://, rather than https://; but at least, it gives you > some choice. The second attack is much harder for TCP than it is for > DNS over UDP. Personally I consider DNS over UDP flawed beyond repair, at least until DNSSec is properly in place and verified, but probably even after that... Regards Henrik
Received on Monday, 17 May 2010 23:15:34 UTC