[108000] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: hat tip to .gov hostmasters

daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Mon Sep 22 11:32:17 2008

Date: Mon, 22 Sep 2008 15:30:44 +0000
From: bmanning@vacation.karoshi.com
To: Florian Weimer <fweimer@bfk.de>
In-Reply-To: <82ljxkjjan.fsf@mid.bfk.de>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

On Mon, Sep 22, 2008 at 05:24:00PM +0200, Florian Weimer wrote:
> * marcus sachs:
> 
> > While we wait for applications to become DNSSEC-aware,
> 
> Uhm, applications shouldn't be DNSSEC-aware.  Down that road lies
> madness.  What should an end user do when the browser tells him,
> "Warning: Could not validate DNSSEC signature on www.example.com,
> signature has expired.  Continue to connect?"
> 
> -- 
> Florian Weimer                <fweimer@bfk.de>


	actually, I am really hoping that at least one API
	is standardized so that applications can use DNSSEC 
	data.  We never finished the discussion on fail/open
	fail/closed wrt DNSSEC.

--bill


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[108000] in North American Network Operators' Group

Re: hat tip to .gov hostmasters

daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)Mon Sep 22 11:32:17 2008

daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Mon Sep 22 11:32:17 2008