On Tue, 27 Sep 2011 09:27:00 EDT, Christopher Morrow said: > On Tue, Sep 27, 2011 at 7:50 AM, Jimmy Hess <mysi...@gmail.com> wrote:
> > I would rather see DNSSEC and TLS/HTTPS get implemented end to end. > > how does tls/https help here? if you get sent to the 'wrong host' > whether or not it does https/tls is irrelevant, no? (save the case of > chrome and domain pinning) Well, actually, Chrome-like domain pinning and/or using DNSSEC to verify the provenance of an SSL cert is the whiole reason Jimmy probably wants DNSSEC and TLS...Unless you do that sort of stuff, there's no way to *tell* if you ended up at the wrong host...
pgpKfrJMB4jDb.pgp
Description: PGP signature
