<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
John Panzer wrote:<br>
<blockquote cite="mid:469FFA12.40004@acm.org" type="cite"><br>
If you use https throughout, the DNS attack will fail because
  <a moz-do-not-send="true" class="moz-txt-link-freetext"
 href="https://foo.blogspot.com">https://foo.blogspot.com</a> can't
present a valid certificate for
foo.blogspot.com.</blockquote>
Correct!<br>
<br>
<div class="moz-signature">-- <br>
<div><font face="Arial" size="2">Regards</font></div>
<div><font face="Arial" size="2"> </font></div>
<div><font face="Arial" size="2">Signer:      Eddy Nigg, StartCom Ltd.</font></div>
<div><font face="Arial" size="2">Jabber:      <a class="moz-txt-link-abbreviated" href="mailto:startcom@startcom.org">startcom@startcom.org</a></font></div>
<div><font face="Arial" size="2">Phone:       +1.213.341.0390</font></div>
</div>
</body>
</html>