> > doesn't work with the recent renegotiation bug. > > disable renegotiation. > > > but i don't > > think one can dismiss dns as a non-issue. > > dns is a non-issue if the rest of ssl is working. > dns is irrelevant if it isn't.
the renegotiation bug is a protocol flaw. i'm not so sure i trust ssl enough to decide i don't care of dns gets hijacked. - erik