nanog mailing list archives
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
From: Mark Andrews <marka () isc org>
Date: Mon, 12 Sep 2011 09:25:23 +1000
In message <146102.1315769526 () turing-police cc vt edu>, Valdis.Kletnieks () vt edu writes:
(*) Has anybody actually enabled "only accept DNSSEC-signed A records" on an end user system and left it enabled for more than a day before giving up in disgust? ;)
No. But I run with "reject anything that doesn't validate" and have for several years now and that doesn't suck. We will never be in a world where all DNS records validate unless we do DNSng and that DNSng requires that all answers be signed. Except as a academic exercise, I would never expect anyone would configure a validator to require that all answers validate as secure. DNSSEC gives you "provable secure", "provable insecure" and "bogus". Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases, (continued)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Michiel Klaver (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Christopher Morrow (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Jima (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Christopher Morrow (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Christopher Morrow (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Ted Cooper (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Christopher Morrow (Sep 14)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Joe Greco (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates lgomes00 (Sep 11)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Valdis . Kletnieks (Sep 11)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Mark Andrews (Sep 11)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Jimmy Hess (Sep 11)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Damian Menscher (Sep 11)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Christopher Morrow (Sep 11)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Valdis . Kletnieks (Sep 11)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Christopher Morrow (Sep 11)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Valdis . Kletnieks (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Christopher Morrow (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Robert Bonomi (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Christopher Morrow (Sep 12)