[At-Large] DNSSEC and end users

Patrick Vande Walle patrick at vande-walle.eu
Wed Feb 9 14:25:45 UTC 2011

On Wed, 9 Feb 2011 14:01:37 +0000 (UTC), Lutz Donnerhacke wrote: 

Currently almost all ISP's validating resolvers will return the
> data without the AD bit set. So the widly used plugins for
Firefox and MSIE
> will report an warning in the address line.
> I do
expext this way to become the default resolution policy. If you need
the validation, you will rely on the AD bit or use the newer API
(val_get...) to provider much better error messages to the user.


For anyone interested, here is the link to the nic.cz plugin for
Firefox http://www.dnssec-validator.cz
The INternet Explorer version is
at: http://cs.mty.itesm.mx/dnssecmx/index.php/executable
Of course this
will only work if your ISP has enabled DNSSEC on its resolvers, or if
you are running your own. 

One suggestion was to invite
Mozilla/Opera/IE/Chrome and Safari developers to speak about their
project related to DNSSEC, if any. I am not sure this suggestion will go
through. It would make sense, IMHO. Cupertino and Mountain View are in
the neighbourhood of San Francisco after all. 


More information about the At-Large mailing list