[dns-operations] security-aware stub resolver
fw at deneb.enyo.de
Fri May 23 13:58:39 UTC 2008
* Michael Monnerie:
> On Freitag, 23. Mai 2008 Florian Weimer wrote:
>> We need DNSSEC, but application behavior cannot depend on whether
>> data from DNS has passed DNSSEC validation or not.
> If the answer is from "normal" DNS, the browser could display the URL in
> yellow. If from DNSSEC and valid, it's green. But red when DNSSEC and
> not valid.
> Just like it is for non valid HTTPS Certs right now, at least in
> Firefox. DNS should get similar security awareness.
What kind of awareness is promited by the padlock sign for the following
(Provided that it gets through your spam filter. 8-P)
Transport security is not a useful indicator, and a DNS-based one
wouldn't help much, either.
More information about the dns-operations