> On 27 Feb 2015, at 10:56, Eliot Lear <lear@xxxxxxxxx> wrote:
>
> Given a slightly modified example from your document:
>
> $ORIGIN example.net.
> _http._web IN URI 10 1 "httpS://www.example.com/"
>
> If the intent here is to declare an equivalence between
> http://example.com and https://www.example.com the problem is that
> absent DNSSEC one is subject to a downgrade attack. Thus a browser
> cannot trust the equivalence.

Absolutely! I get that, completely.

I wanted to know what is so special about URI that SRV and MX do _not_ have. I was surprised I was coming up with some _NEW_ attack vector.

Patrik