> In MinimaLT, the current ephemeral key for the server is added to
> the DNS record fetched during the DNS lookup. These entries expire fairly
> quickly, ensuring that old keys are never used.
Can you compare the TTL of the ephemeral key record with the A/AAAA record TTL? Are they related? If someone can get phony records into DNS, can they then become the real MLT server? For how long?

--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
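To make the TTL question above concrete, here is an added illustration (not code from the thread, from MinimaLT, or from any real resolver) of a resolver cache that holds an address record and an ephemeral-key record with different TTLs. The record type name `MLTKEY`, the key format, and the TTL values are assumptions for the example; the point it shows is that the key's usable lifetime is bounded by its own TTL, independent of the A record's, and that a resolver honouring a record's TTL will keep serving whatever was fetched (genuine or not) for at most that long unless it caps TTLs locally.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Record:
    """One cached DNS record. `fetched_at` and `ttl` are in seconds."""
    name: str
    rtype: str        # "A" for an address, "MLTKEY" for the ephemeral key (hypothetical type)
    data: str
    ttl: int
    fetched_at: float

    def expires_at(self) -> float:
        return self.fetched_at + self.ttl


class ResolverCache:
    """Minimal TTL-respecting cache keyed by (name, record type)."""

    def __init__(self) -> None:
        self._store: Dict[Tuple[str, str], Record] = {}

    def insert(self, rec: Record) -> None:
        self._store[(rec.name, rec.rtype)] = rec

    def lookup(self, name: str, rtype: str, now: float) -> Optional[Record]:
        rec = self._store.get((name, rtype))
        if rec is None or now >= rec.expires_at():
            # Expired entries are evicted so the next lookup forces a fresh fetch.
            self._store.pop((name, rtype), None)
            return None
        return rec


def usable_key(cache: ResolverCache, name: str, now: float) -> Optional[str]:
    """Return the ephemeral key only while both the address and key records are fresh.

    A long-lived A record does not extend the key: once the key record's own TTL
    passes, the client must re-resolve before it can continue.
    """
    addr = cache.lookup(name, "A", now)
    key = cache.lookup(name, "MLTKEY", now)
    if addr is None or key is None:
        return None
    return key.data


def honoured_until(record_ttl: int, cap: int) -> int:
    """Seconds a resolver that caps TTLs keeps serving a cached record.

    This is the upper bound on how long any record, including a bogus one,
    stays in cache once accepted; the cap is the resolver's local policy.
    """
    return min(record_ttl, cap)


if __name__ == "__main__":
    # Constructed sample data: a one-hour address record and a one-minute key record.
    cache = ResolverCache()
    cache.insert(Record("mlt.example", "A", "192.0.2.1", 3600, 0.0))
    cache.insert(Record("mlt.example", "MLTKEY", "key-v1", 60, 0.0))
    print("t=30s key:", usable_key(cache, "mlt.example", 30.0))   # key-v1
    print("t=90s key:", usable_key(cache, "mlt.example", 90.0))   # None, A still cached
    print("cached for:", honoured_until(86400, cap=300), "s")     # 300
```

The two TTLs are independent in this model: the A record outliving the key record does nothing to keep the key alive, and a short key TTL is exactly what limits how long a cached record, whatever its origin, keeps being served.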