attack
... valid based on the same site certificate.
Otherwise, an attacker could modify the DNS records to contain
replacement values in a different domain ...
... client to discover that the
server supports TLS. An attacker could potentially modify these
records, resulting in a client using a non-secure ...
... sips URI scheme,
which is always sent only over TLS. An attacker cannot force a bid
down through deletion or modification of DNS records. In the worst
...
... TLS at all.
The bid down attack can also be mitigated through caching. A client
which frequently contacts the same domain ...
... records were present, but in later queries cease to appear, it is a
sign of a potential attack. In this case, the client SHOULD generate
some kind of alert ...
... downgraded security. There is very little that can be done to
prevent such attacks. Clients are simply dependent on proxy servers
...
