dnssec-trigger + GNOME + NetworkManager integration
Bastien Nocera
bnocera at redhat.com
Tue Jun 30 12:11:05 UTC 2015
----- Original Message -----
> On 30.06.2015 13:53, Bastien Nocera wrote:
> >
> >
> > ----- Original Message -----
> >> On 30.06.2015 11:24, Tomas Hozza wrote:
> > <snip>
> >>> It means that the site of your bank you are on may not be provided the
> >>> actual host you should be connected to, but instead by some attacker's.
> >>> The insecure mode means that you are vulnerable in the same way as the
> >>> plain DNS is. So you are insecure even now if you don't use DNSSEC
> >>> without realizing it.
> >>
> >> Except if your bank is using https and you connected to it that way, and
> >> you have unbroken CA roots. and so on ...
> >>
> >> The combinatorial explosion of states between "insecure" (someone just
> >> stole my money) and "secure" (the NSA be crying because they can't touch
> >> this) ... means you end up with about NNNN posibilities to explain to
> >> the user.
> >>
> >> It's not possible to represent all of this in a dialog. We'd have to
> >> print a book and mail to to the user.
> >
> > Which means that it needs to be opt-in for us not to have "unbreak my
> > Internet"
> > buttons in the UI. Once DNSSEC is more widely deployed and we can safely
> > assume that the majority of the Internet is used it, we can toggle it on.
>
> Yeah, that's one option.
>
> Another is if dnssec-trigger can reliably detect the presence of DNSSEC
> on a given network, then it could enforce its use from then on.
The good thing being that NetworkManager knows all that, and that the desktop
doesn't need to track which network we connected to, and whether or not it
used DNSSEC.
> But making the user decide (or showing them a message) every time they
> connect to such networks is not the way to go.
Exactly, cf. "which firewall zone is this network in" discussions of yesteryear.
More information about the devel
mailing list