Re: hat tip to .gov hostmasters

• From: bmanning
• Date: Mon Sep 22 11:32:14 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

On Mon, Sep 22, 2008 at 05:24:00PM +0200, Florian Weimer wrote:
> * marcus sachs:
> 
> > While we wait for applications to become DNSSEC-aware,
> 
> Uhm, applications shouldn't be DNSSEC-aware.  Down that road lies
> madness.  What should an end user do when the browser tells him,
> "Warning: Could not validate DNSSEC signature on www.example.com,
> signature has expired.  Continue to connect?"
> 
> -- 
> Florian Weimer                <[email protected]>


	actually, I am really hoping that at least one API
	is standardized so that applications can use DNSSEC 
	data.  We never finished the discussion on fail/open
	fail/closed wrt DNSSEC.

--bill

• Follow-Ups:
  • Re: hat tip to .gov hostmasters Edward Lewis

• References:
  • hat tip to .gov hostmasters Scott Francis
  • Re: hat tip to .gov hostmasters Jason Frisvold
  • Re: hat tip to .gov hostmasters Florian Weimer
  • Re: hat tip to .gov hostmasters Colin Alston
  • Re: hat tip to .gov hostmasters Florian Weimer
  • RE: hat tip to .gov hostmasters marcus.sachs
  • Re: hat tip to .gov hostmasters Florian Weimer

• Prev by Date: Re: hat tip to .gov hostmasters
• Next by Date: Re: hat tip to .gov hostmasters
• Date Index
• Thread Index
• Author Index
• Historical