Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote:
> On Mon, 07.12.15 15:31, Björn Persson (Bjorn@rombobjörn.se) wrote:
>
> > Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote:
> > > You *have* to use the local DNS servers by default, even if they are
> > > crap.
> >
> > I for one want my laptop to be suspicious of random DNS servers it
> > encounters in public places, and bypass them if they're found to be
> > lying.
>
> Well, if you are knowledgeable enough to understand the problem, then
> you should also be able to install/configure dnssec yourself. But I am
> pretty sure that the typical user is neither knowledgeable enough
> about this to make the decision, nor does he really care...

You are right about the typical user. This is what happens to the
typical user as a result:

http://swiftonsecurity.tumblr.com/post/98675308034/a-story-about-jessica

Is it Jessica's fault that she doesn't know what a DNS server is, or
that it can lie to her? Is it her fault that she has never heard about
DNSsec, or PGP, or OPENPGPKEY records? Is it her fault that her email
program doesn't bring those pieces together to authenticate incoming
mail? Or do we programmers have some responsibility to provide Jessica
with software that at least tries to keep her secure?

Björn Persson
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx