On Mon, Sep 22, 2008 at 05:24:00PM +0200, Florian Weimer wrote:
> * marcus sachs:
>
> > While we wait for applications to become DNSSEC-aware,
>
> Uhm, applications shouldn't be DNSSEC-aware. Down that road lies
> madness. What should an end user do when the browser tells him,
> "Warning: Could not validate DNSSEC signature on www.example.com,
> signature has expired. Continue to connect?"
>
> --
> Florian Weimer <[EMAIL PROTECTED]>
actually, I am really hoping that at least one API
is standardized so that applications can use DNSSEC
data. We never finished the discussion on fail/open
fail/closed wrt DNSSEC.
--bill
