> if the goal is avoiding ssl mitm attacks,
> dns is the least of your worries. a mitm will
> just take over the connection attempt for the
> actual ip address. the solution there is
> to implement proper ssl certificate chain checking.

doesn't work with the recent renegotiation bug. it's a server attack, not a client attack. but i don't think one can dismiss dns as a non-issue.

- erik