dnssec-trigger + GNOME + NetworkManager integration

Tomas Hozza thozza at redhat.com
Tue Jun 30 12:23:44 UTC 2015



On 30.06.2015 13:58, Stef Walter wrote:
> On 30.06.2015 13:53, Bastien Nocera wrote:
>>
>>
>> ----- Original Message -----
>>> On 30.06.2015 11:24, Tomas Hozza wrote:
>> <snip>
>>>> It means that the site of your bank you are on may not be provided by the
>>>> actual host you should be connected to, but instead by some attacker's.
>>>> The insecure mode means that you are vulnerable in the same way as the
>>>> plain DNS is. So you are insecure even now if you don't use DNSSEC
>>>> without realizing it.
>>>
>>> Except if your bank is using https and you connected to it that way, and
>>> you have unbroken CA roots, and so on ...
>>>
>>> The combinatorial explosion of states between "insecure" (someone just
>>> stole my money) and "secure" (the NSA be crying because they can't touch
>>> this) ... means you end up with about NNNN possibilities to explain to
>>> the user.
>>>
>>> It's not possible to represent all of this in a dialog. We'd have to
>>> print a book and mail it to the user.
>>
>> Which means that it needs to be opt-in for us not to have "unbreak my Internet"
>> buttons in the UI. Once DNSSEC is more widely deployed and we can safely
>> assume that the majority of the Internet is using it, we can toggle it on.
> 
> Yeah, that's one option.

No, it is not. It is opt-in now, we want it by default. Please read the
change. Thank you.

> Another is if dnssec-trigger can reliably detect the presence of DNSSEC
> on a given network, then it could enforce its use from then on.

Except that this is exactly what we DON'T want to do. DNSSEC is an
extension of DNS and it can be used even without the need for the whole
Internet to be signed. We want to use it even if the network-provided
DNS resolvers don't support DNSSEC.

> But making the user decide (or showing them a message) every time they
> connect to such networks is not the way to go.

Nobody ever said that we want to do that. This is exactly what we DON'T
want to do.

> Stef
> 

Tomas
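The thread turns on one distinction: a locally running validating resolver (the dnssec-trigger/unbound setup the change proposes) can prove an answer is signed regardless of what the network's DNS servers support, whereas "insecure mode" simply forwards to those servers and is no better than plain DNS. The following added example, written for this page and not taken from dnssec-trigger, unbound or any mail in the thread, decodes the DNS header flags of a response and shows why the AD ("authentic data") bit only carries meaning when the resolver that set it is trusted. The sample responses are constructed wire-format headers; the `resolver_is_local_validator` parameter and the classification labels are this example's own assumptions.

```python
import struct

# DNS header flag bits (RFC 1035 section 4.1.1; AD and CD added for DNSSEC, RFC 4035).
QR = 0x8000  # response (1) or query (0)
RD = 0x0100  # recursion desired
RA = 0x0080  # recursion available
AD = 0x0020  # authentic data: the resolver claims it DNSSEC-validated this answer
CD = 0x0010  # checking disabled: client asked the resolver not to validate
RCODE_MASK = 0x000F
RCODE_SERVFAIL = 2  # what a validating resolver returns for bogus (failed) data


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into a dict of fields and flags."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & QR),
        "rd": bool(flags & RD),
        "ra": bool(flags & RA),
        "ad": bool(flags & AD),
        "cd": bool(flags & CD),
        "rcode": flags & RCODE_MASK,
        "qdcount": qdcount,
        "ancount": ancount,
        "nscount": nscount,
        "arcount": arcount,
    }


def classify(msg: bytes, resolver_is_local_validator: bool) -> str:
    """Classify a response the way a DNSSEC-aware client must reason about it.

    resolver_is_local_validator: True when the answer came from a validating
    resolver on this host (hypothetical label for the dnssec-trigger/unbound
    setup); False when it came straight from the network-provided resolvers,
    i.e. the "insecure mode" discussed in the thread.
    """
    h = parse_header(msg)
    if not h["qr"]:
        raise ValueError("not a response")
    if h["rcode"] == RCODE_SERVFAIL:
        # A validating resolver refuses to hand out data that failed validation.
        return "servfail"
    if not resolver_is_local_validator:
        # The AD bit travels unauthenticated over the wire; an attacker who can
        # forge plain DNS answers can set it too, so it proves nothing here.
        return "unverified"
    return "secure" if h["ad"] else "insecure"


def build_response(flags: int, ident: int = 0x1234) -> bytes:
    """Construct a minimal response header (1 question, 1 answer) for the demo."""
    return struct.pack("!HHHHHH", ident, flags, 1, 1, 0, 0)


if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    validated = build_response(QR | RD | RA | AD)
    unsigned = build_response(QR | RD | RA)
    bogus = build_response(QR | RD | RA | RCODE_SERVFAIL)
    print("local validator, AD set     :", classify(validated, True))   # secure
    print("local validator, AD clear   :", classify(unsigned, True))    # insecure
    print("network resolver, AD set    :", classify(validated, False))  # unverified
    print("local validator, bogus data :", classify(bogus, True))       # servfail
```

The same response bytes classify as "secure" from the local validator and only "unverified" from a network resolver: the difference is entirely in where the validation happened, which is why the thread insists on running the validator locally and on by default rather than trusting whatever the network's resolvers advertise.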

