On 30.06.2015 16:50, Tomas Hozza wrote: > > > On 30.06.2015 16:07, Michael Catanzaro wrote: >> On Tue, 2015-06-30 at 14:23 +0200, Tomas Hozza wrote: >>> Except that this is exactly what we DON'T want to do. DNSSEC is an >>> extension of DNS and it can be used even without the need for the >>> whole >>> Internet to be signed. We want to use it even if the network-provided >>> DNS resolvers don't support DNSSEC. >> >> I'm confused on one point: why would the user ever want to turn off >> DNSSEC validation (except to get past a for captive portal)? It sounds >> like you have no shortage of safeguards in place to make sure this >> always works: for it to break the user would have to be on a network >> that doesn't support DNSSEC, that blocks VPN, with the Fedora >> infrastructure down, right? I think it's OK to fail connections in that >> case (provided we have a story for captive portals). >> >> What we basically do not want is to give the user an option for turning >> a security feature off. Right. The UI is what people are balking against. > Thank you for explanation. In that case we don't need any UI integration > for this. Even though we use dnssec-trigger daily on our machines, we > wanted to give the user a way to disable the feature if needed without > the root access. This is more of a precaution in case something is > broken and we didn't know about it. So this should then become a network setting and go into NetworkManager then, as one of its many options, and sit next to other DNS settings? Non-root users can perform limited network configuration (think wifi passwords and friends), so this isn't such a stretch. Stef -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
