North American Network Operators Group

Re: Verisign brain damage and DNSSec.....Was:Re: What *are* they smoking?

  • From: bmanning
  • Date: Tue Sep 16 14:19:53 2003

> On Tue, 16 Sep 2003 09:59:40 PDT, [email protected] said:
> > DNSsec will work properly with wildcards, regardless of where they are
> > in the DNS.
> 
> Which means that a rogue DNS can lead you down the garden path and
> DNSsec won't give you a clue that you're being lied to.  It's the same
> question as the "what happens to SSL to a phantom site?" - Verisign can
> provide an A record for the server and an SSL cert that will work.

	that's one aspect, yes.  the validation chain should tell
	you who signed the delegations.  It won't lie.
	you will know that V'sign put that data there.

--bill
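
An added example, not part of the original message: a validated answer carries an RRSIG whose Signer's Name says which zone signed it and whose Labels field (RFC 4034) is smaller than the owner name's label count when the answer was synthesized from a wildcard. The records, names and key tags below are constructed, and the code reads the signature metadata only; it does not verify the signature.

```python
# Added example. Records are constructed; nothing is fetched or
# cryptographically verified here, only the RRSIG metadata is read.

def split_labels(name):
    """Labels of a domain name, without the root label."""
    return [l for l in name.rstrip(".").split(".") if l]

def inspect_rrsig(line):
    """Parse one RRSIG in presentation format (RFC 4034 section 3.2)."""
    f = line.split()
    if len(f) < 13 or f[3].upper() != "RRSIG":
        raise ValueError("not an RRSIG record: %r" % line)
    owner = f[0].lower()
    sig_labels = int(f[6])      # Labels field
    signer = f[11].lower()      # Signer's Name: the zone whose key signed
    owner_labels = split_labels(owner)
    if owner_labels and owner_labels[0] == "*":
        owner_labels = owner_labels[1:]   # a literal "*" label is not counted
    if sig_labels > len(owner_labels):
        raise ValueError("Labels field exceeds owner name; RRSIG is invalid")
    # Fewer labels in the signature than in the name that was asked for
    # means the answer was expanded from a wildcard.
    synthesized = sig_labels < len(owner_labels)
    source = None
    if synthesized:
        tail = owner_labels[len(owner_labels) - sig_labels:]
        source = ".".join(["*"] + tail) + "."
    return {"owner": owner, "signer": signer, "key_tag": int(f[10]),
            "synthesized": synthesized, "wildcard_source": source}

# Constructed sample: a wildcard at the top of a hypothetical "example." zone.
WILDCARD_ANSWER = ("no-such-host.example. 900 IN RRSIG A 5 1 900 "
                   "20031001000000 20030915000000 12345 example. c2lnbmF0dXJl")
# Constructed sample: an ordinary, non-wildcard answer.
PLAIN_ANSWER = ("www.example.org. 3600 IN RRSIG A 5 3 3600 "
                "20031001000000 20030915000000 54321 example.org. c2lnbmF0dXJl")

if __name__ == "__main__":
    for rec in (WILDCARD_ANSWER, PLAIN_ANSWER):
        info = inspect_rrsig(rec)
        origin = info["wildcard_source"] or "an exact-match record"
        print("%s: signed by %s (key tag %d), from %s"
              % (info["owner"], info["signer"], info["key_tag"], origin))
```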