Re: dnssec-trigger + GNOME + NetworkManager integration

----- Original Message -----
> On 30.6.2015 13:53, Bastien Nocera wrote:
> > 
> > 
> > ----- Original Message -----
> >> On 30.06.2015 11:24, Tomas Hozza wrote:
> > <snip>
> >>> It means that the site of your bank you are on may not be provided by the
> >>> actual host you should be connected to, but instead by some attacker's.
> >>> The insecure mode means that you are vulnerable in the same way as the
> >>> plain DNS is. So you are insecure even now if you don't use DNSSEC
> >>> without realizing it.
> >>
> >> Except if your bank is using https and you connected to it that way, and
> >> you have unbroken CA roots, and so on ...
> >>
> >> The combinatorial explosion of states between "insecure" (someone just
> >> stole my money) and "secure" (the NSA be crying because they can't touch
> >> this) ... means you end up with about NNNN possibilities to explain to
> >> the user.
> >>
> >> It's not possible to represent all of this in a dialog. We'd have to
> >> print a book and mail it to the user.
> > 
> > Which means that it needs to be opt-in for us not to have "unbreak my
> > Internet" buttons in the UI. Once DNSSEC is more widely deployed and we
> > can safely assume that the majority of the Internet is using it, we can
> > toggle it on.
> 
> I'm afraid that this is the argument stopping DNSSEC from deployment, the
> usual chicken-egg problem. 'We cannot turn it on and be first because ... we
> do not know what will happen.'
> 
> Does Fedora still hold to 'First'? Do we want to improve overall security?
> Where is the line?

What you're asking users is to make a decision that they couldn't possibly
understand, with security ramifications that you can't explain succinctly.

Here's an analogy: we disable IPv4 by default, enable only IPv6, and when IPv6
fails on a particular network, you try to explain that they can't connect because
IPv4 is insecure and toggle IPv4 on, and here be dragons.

We're not going to enable DNSSEC by default if we can't figure out how to
present the lack of it to users, and explain it. At least, a toggle in the
Network configuration should help security-conscious users enable it easily,
and be the start of desktop integration.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct



