[At-Large] DNSSEC and end users
Patrick Vande Walle
patrick at vande-walle.eu
Wed Feb 9 14:25:45 UTC 2011
On Wed, 9 Feb 2011 14:01:37 +0000 (UTC), Lutz Donnerhacke wrote:
Currently almost all ISP's validating resolvers will return the
> data without the AD bit set. So the widly used plugins for
Firefox and MSIE
> will report an warning in the address line.
> I do
expext this way to become the default resolution policy. If you need
the validation, you will rely on the AD bit or use the newer API
(val_get...) to provider much better error messages to the user.
For anyone interested, here is the link to the nic.cz plugin for
The INternet Explorer version is
Of course this
will only work if your ISP has enabled DNSSEC on its resolvers, or if
you are running your own.
One suggestion was to invite
Mozilla/Opera/IE/Chrome and Safari developers to speak about their
project related to DNSSEC, if any. I am not sure this suggestion will go
through. It would make sense, IMHO. Cupertino and Mountain View are in
the neighbourhood of San Francisco after all.
More information about the At-Large