RE: VeriSign feedback/comments on STS -06

> -----Original Message-----
> From: [mailto:public-web-security-
>] On Behalf Of Henrik Nordström
> Sent: Tuesday, May 18, 2010 3:55 AM
> Subject: Re: VeriSign feedback/comments on STS -06
> mån 2010-05-17 klockan 19:40 -0500 skrev
> > Henrik, what you are proposing is a solution to a different problem,
> > here we are concerned about webowners wanting their HTTP content to
> be
> > served only via a secure layer (HTTPS).
> I disagree that the problem is different. When looking at problems like this
> you need to look at the effect of the problem on the whole stack, not blindly
> look at only one spot.

For reference, a previous spec presented for DNS storage of this information can be found here:

I haven't given it a thorough analysis yet nor have I looked for one either.

Andy Steingruebl
PayPal Information Risk Management

Received on Tuesday, 18 May 2010 13:03:12 UTC