22 Sep
2008
22 Sep
'08
11:30 a.m.
On Mon, Sep 22, 2008 at 05:24:00PM +0200, Florian Weimer wrote:
* marcus sachs:
While we wait for applications to become DNSSEC-aware,
Uhm, applications shouldn't be DNSSEC-aware. Down that road lies madness. What should an end user do when the browser tells him, "Warning: Could not validate DNSSEC signature on www.example.com, signature has expired. Continue to connect?"
-- Florian Weimer <fweimer@bfk.de>
actually, I am really hoping that at least one API is standardized so that applications can use DNSSEC data. We never finished the discussion on fail/open fail/closed wrt DNSSEC. --bill