On 27 Feb 2015, at 10:56, Eliot Lear <lear(_at_)cisco(_dot_)com> wrote:
> Given a slightly modified example from your document:
>
> $ORIGIN example.net.
> _http._web IN URI 10 1 "httpS://www.example.com/"
>
> If the intent here is to declare an equivalence between
> http://example.com and https://www.example.com the problem is that
> absent DNSSEC one is subject to a downgrade attack. Thus a browser
> cannot trust the equivalence.

Absolutely!
I get that, completely.
I wanted to know what is so special about URI that SRV and MX do _not_ have.
I was surprised I was coming up with some _NEW_ attack vector.
Patrik
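
The trust decision discussed in this message, sketched as an added example (not code from the thread or from the draft). It parses the quoted zone lines and accepts the URI target only when the answer was DNSSEC-validated. `decide` and `dnssec_validated` are hypothetical names, and the flag is assumed to come from a validating resolver the client trusts.

```python
import shlex
from urllib.parse import urlsplit

# Constructed input: the two zone-file lines quoted in the message above.
ZONE = '$ORIGIN example.net.\n_http._web IN URI 10 1 "httpS://www.example.com/"\n'

def parse_uri_records(zone_text):
    """Parse URI RRs (RFC 7553 presentation format) out of a small zone snippet."""
    origin, records = "", []
    for line in zone_text.splitlines():
        fields = shlex.split(line)  # keeps the quoted target as one field
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
            continue
        upper = [f.upper() for f in fields]
        if "URI" not in upper[1:]:
            continue
        i = upper.index("URI", 1)  # optional TTL/class may precede the type
        owner = fields[0] if fields[0].endswith(".") else fields[0] + "." + origin
        records.append({"owner": owner, "priority": int(fields[i + 1]),
                        "weight": int(fields[i + 2]), "target": fields[i + 3]})
    return sorted(records, key=lambda r: r["priority"])

def decide(requested_url, record, dnssec_validated):
    """Hypothetical client policy: return (url_to_use, reason)."""
    if record is None:
        if dnssec_validated:
            return requested_url, "no URI record (authenticated denial)"
        # An on-path attacker can simply drop the record: the downgrade case.
        return requested_url, "no URI record seen; absence is unverifiable"
    target = urlsplit(record["target"])  # urlsplit lowercases the scheme
    if target.scheme not in ("http", "https") or not target.hostname:
        return requested_url, "ignored: unusable target"
    if not dnssec_validated:
        # An unsigned answer may be forged, so the equivalence is not trusted.
        return requested_url, "ignored: unsigned answer may be forged"
    return record["target"], "accepted: DNSSEC-validated answer"

if __name__ == "__main__":
    rec = parse_uri_records(ZONE)[0]
    for validated in (False, True):
        print(validated, decide("http://example.com/", rec, validated))
    print(decide("http://example.com/", None, False))
```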