16 Sep
2003
16 Sep
'03
2:08 p.m.
On Tue, 16 Sep 2003 09:59:40 PDT, bmanning@karoshi.com said:
DNSsec will work properly with wildcards, regardless of where they are in the DNS.
Which means that a rogue DNS can lead you down the garden path and DNSsec won't give you a clue that you're being lied to. It's the same question as the "what happens to SSL to a phantom site?" - Verisign can provide an A record for the server and an SSL cert that will work.
thats one aspect yes. the valdiation chain should tell you who signed the delegations. It won't lie. you will know that V'sign put that data there. --bill