> if the goal is avoiding ssl mitm attacks,
> dns is the least of your worries. a mitm will
> just take over the connection attempt for the
> actual ip address.  the solution there is
> to implement proper ssl certificate chain checking.

doesn't work with the recent renegotiation bug.
it's a server attack, not a client attack.  but i don't
think one can dismiss dns as a non-issue.

- erik

Reply via email to