On Tue, 30 Jun 2015, Michael Catanzaro wrote:
> I'm confused on one point: why would the user ever want to turn off DNSSEC validation (except to get past a captive portal)? It sounds like you have no shortage of safeguards in place to make sure this always works: for it to break the user would have to be on a network that doesn't support DNSSEC, that blocks VPN, with the Fedora infrastructure down, right? I think it's OK to fail connections in that case (provided we have a story for captive portals).
As a frequent traveler, I do have at times needed to go 'insecure' because VPN was blocked and DNS transparently redirected to a very broken server. In fact, right now this is happening to me, where all A records have no RRSIG and the entire root server list is stuffed in the additional section :P
> What we basically do not want is to give the user an option for turning a security feature off.
That's the same as saying remove the "continue anyway" from the browser. Only the human can determine if it is more important to be online insecurely or offline securely. At least we can hope when they click insecure that they won't go log in to their banking site :P

Paul