Klaus Darilion writes: > The second problem: RFC3263 also states that by validating the domain in > the certificate it is possible to detect hacked nameserver entries. But > with your suggestion (using only a host certificate), this wouldn't be > possible. name server entries should be protected by dns means, not later by application means. -- juha