24 Jul
2008
24 Jul
'08
9:02 a.m.
Once upon a time, Robert Kisteleki <robert@ripe.net> said:
I understand this is a huge can of worms, but maybe it's time to change the default behavior of browsers from http to https...?
This is a _DNS_ vulnerability. The Internet is more than HTTP(S). Think about email (how many MTAs do TLS and validate the certs?). Even things like BitTorrent require valid DNS (how about MPAA/RIAA poisoning the cache for thepiratebay?). -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.