- From: Mark Nottingham <mnot@mnot.net>
- Date: Sat, 30 Jul 2011 07:48:04 -0700
- To: Henrik Nordström <henrik@henriknordstrom.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Lisa Dusseault <lisa.dusseault@gmail.com>
Thanks, Henrik. On 29/07/2011, at 4:12 PM, Henrik Nordström wrote: > So here is another proposal. Shorten and rewrite p1 4.2 as follows > > Clients using HTTP rely heavily on the Domain Name Service, and > are thus generally prone to security attacks based on the > deliberate misassociation of IP addresses and DNS names not > protected by DNSSec. Clients need to be cautious in assuming the > validity of an IP number/DNS name association unless the > response is protected by DNSSec. I like this one; others? -- Mark Nottingham http://www.mnot.net/
Received on Saturday, 30 July 2011 14:48:30 UTC