Yes, it will be a big problem if someone spoof DNS, but it can prevent man-in-the-middle to some extent. If the DNS is sabotaged, what can we do? What should I believe? :-)
The point is that if you trust the user -- you should, after all you are doing what they requested you to do -- than you don't have to trust DNS and, in fact, can tell if it's been compromised.
Doesn't get any better than that.
/r$______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
