[dns-operations] security-aware stub resolver

Michael Monnerie michael.monnerie at it-management.at
Fri May 23 11:16:59 UTC 2008

On Freitag, 23. Mai 2008 Florian Weimer wrote:
> We need DNSSEC, but application behavior cannot depend on whether
> data from DNS has passed DNSSEC validation or not.

If the answer is from "normal" DNS, the browser could display the URL in 
yellow. If from DNSSEC and valid, it's green. But red when DNSSEC and 
not valid.
Just like it is for non valid HTTPS Certs right now, at least in 
Firefox. DNS should get similar security awareness.

mfg zmi
// Michael Monnerie, Ing.BSc    -----      http://it-management.at
// Tel: 0676/846 914 666                      .network.your.ideas.
// PGP Key:         "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: www.keyserver.net                   Key-ID: 1C1209B4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20080523/c2b13145/attachment.sig>

More information about the dns-operations mailing list