Re: DNSSEC architecture vs reality

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 13 Apr 2021, at 10:46, Andrew McConachie wrote:

> My point is that if people want to see HTTPS/DANE deployments grow they should start hacking HTTPS/DANE validation into the numerous open source projects that act as HTTPS clients.

I see two issues with HTTPS/DANE (and DNSSEC):

1. People in the community have too much focused on getting zones signed instead of getting validation deployed. In Sweden we focused in validation, and as validation is happening basically everywhere, it is worth it to get their zones signed.

My conclusion: Continue to talk about _validation_.

2. libCurl is used basically everywhere and some efforts have been done to add DANE, but nothing really finished. <https://curl.se/docs/todo.html#Support_DANE>

My conclusion: Convince someone with more time than me to actually finish the work.

    Patrik

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux