[At-Large] DNSSEC and end users

Patrick Vande Walle patrick at vande-walle.eu
Wed Feb 9 07:20:30 UTC 2011

Good morning to all, 

This is your SSAC liaison speaking. I am
requesting your thoughts on what expected impact DNSSEC will have on end
users. My goal is to contribute ideas to the the agenda of the DNSSEC
sessions at the San Francisco meeting. 

Currently, with DNSSEC enabled
on the DNS resolver you use (typically, the one assigned to you by your
ISP), a domain name failing DNSSEC resolution returns a code to your
browser saying the domain does not exist. You would get a blank page
displayed in your browser saying the domain is unreachable, similar to
what you get when you type an invalid domain name in the browser bar.

Some suggest that browsers should return a warning instead, similar to
the one you get with an invalid SSL certificate. The counter-argument to
this is that most users tend to ignore these warnings anyway and just
click OK to go ahead. Further, some say that ISP support desks will get
lots of calls from customers complaining about "the Internet is not
working" if users are annoyed by pop-up messages, for what appears to be
legitimate domain names. 

Obviously, I do not claim that the Internet
is just the web. But is is right now the most visible part and the one
which requires direct interaction from the user. 

I am interested in
your thoughts about this. 

Patrick Vande Walle 

Twitter: http://twitter.vande-walle.eu

More information about the At-Large mailing list