Am 11.12.2015 um 15:09 schrieb Paul Wouters:
On 12/09/2015 06:02 PM, Oron Peled wrote:Why don't we plan this feature in two stages: * Fedora 24: turn it on by default, but *keep using results* from bad DNS servers, just issue a user-visible warning, possibly with a link to a page with friendly explanation and suggestions for further action.DNS lookups don't have users like web browsers
and there is *no* safe and clean way to solve thatsince it's the DNS server it *could* return in such case a dedicated IP to a site which accepts every host header and explains what have happened - BUT that won't work with HTTPS sites, they wuld end just in another warning AND NO don't come with the idea install a Fedora certificate like Dell did it short ago
the problem here is that the browser would send it's cookies from previous visits there so it's not possible for security/privacy reasons and since DNS don't cover ports there can also not be a tiny process on the local machine with a embedded webserver easily, the user could have run it's own webserver which must not be replaced
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
