[dns-operations] security-aware stub resolver

Florian Weimer fw at deneb.enyo.de
Fri May 23 13:58:39 UTC 2008

* Michael Monnerie:

> On Freitag, 23. Mai 2008 Florian Weimer wrote:
>> We need DNSSEC, but application behavior cannot depend on whether
>> data from DNS has passed DNSSEC validation or not.
> If the answer is from "normal" DNS, the browser could display the URL in 
> yellow. If from DNSSEC and valid, it's green. But red when DNSSEC and 
> not valid.
> Just like it is for non valid HTTPS Certs right now, at least in 
> Firefox. DNS should get similar security awareness.

What kind of awareness is promited by the padlock sign for the following


(Provided that it gets through your spam filter. 8-P)

Transport security is not a useful indicator, and a DNS-based one
wouldn't help much, either.

More information about the dns-operations mailing list