Re: F23 System Wide Change: Default Local DNS Resolver

On Fri, 2015-06-12 at 12:17 -0500, Dan Williams wrote:
> > dnssec-trigger prompts the user with a choice of "allow insecure DNS" or
> > "cache only mode". The latter means "no new DNS and use what's already
> > in the cache only".
> 
> Yeah, and the interaction story here has been controversial for a long
> time.  The GNOME team certainly has ideas about how it should work,
> which are partly shown by the current hotspot/portal implementation in
> GNOME Shell.  I'll let them discuss these ideas since NM is not involved
> in the higher-level UI story here, just the mechanics of providing
> "might this be a portal" to any NM client, GNOME Shell included.

Hi. In general, prompts along the lines of "do insecure thing [yes]
[no]" are a big no-no. You should either always do the insecure thing
(if it really must be allowed) or never do the insecure thing
(preferably), but prompting the user to make a confusing security
decision is not OK.

In this case I assume always failing the connection is the right thing
to do, as to do otherwise would defeat the purpose of this feature. If
we could automatically display some very basic troubleshooting steps
("call your ISP and tell them xyz"), that would be good too. But I
presume it's unlikely that every workaround will fail and the user is
stuck without DNS? Hopefully that would be rare. If it's not and the
user really must be given a choice to allow insecure DNS, then maybe
the world just isn't ready for DNSSEC yet....
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct




