hat tip to .gov hostmasters

Florian Weimer fweimer at bfk.de
Mon Sep 22 10:24:00 CDT 2008


* marcus sachs:

> While we wait for applications to become DNSSEC-aware,

Uhm, applications shouldn't be DNSSEC-aware.  Down that road lies
madness.  What should an end user do when the browser tells him,
"Warning: Could not validate DNSSEC signature on www.example.com,
signature has expired.  Continue to connect?"

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99




More information about the NANOG mailing list