Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org

2013-01-17 Thread Michael Weber
https://bugs.gentoo.org/show_bug.cgi?id=435372
--
Michael Weber
Gentoo Developer
web: https://xmw.de/
mailto: Michael Weber

Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org

2013-01-17 Thread Michael Weber
On 01/08/2013 12:39 AM, Benjamin Lee wrote:
> On 01/07/2013 06:34 AM, Maxim Kammerer wrote:
>> browser plugins? Also, how widespread is client DNSSEC support?
>> E.g., I enabled DNSSEC for my domain, but not sure yet whether
>> DNS resolution anywher

Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org

2013-01-17 Thread Michael Weber
On 01/17/2013 11:36 PM, Robin H. Johnson wrote:
> On Sat, Jan 12, 2013 at 10:36:31PM +, Robin H. Johnson wrote:
>> If there are no problems reported by Jan 17th, I'm going to complete the
>> DNSSEC configuration on gentoo.org and remaining delegated sub-domains.
> Everything is in place except

Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org

2013-01-17 Thread Robin H. Johnson
On Sat, Jan 12, 2013 at 10:36:31PM +, Robin H. Johnson wrote:
> If there are no problems reported by Jan 17th, I'm going to complete the
> DNSSEC configuration on gentoo.org and remaining delegated sub-domains.
Everything is in place except the final trust binding from the org. zone to gentoo.o

Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org

2013-01-12 Thread Robin H. Johnson
On Mon, Jan 07, 2013 at 01:31:39AM +, Robin H. Johnson wrote:
> If there are no problems reported in a week or two, I'm going to enable
> this for the rest of our DNS zones, as well as registering the DS
> records with the TLD. Thereafter, I'd also like to deploy DANE and SSH
> fingerprints in

Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org

2013-01-08 Thread Sven Vermeulen
On Sun, Jan 06, 2013 at 10:01:00PM -0600, Doug Goldstein wrote:
> On Sun, Jan 6, 2013 at 7:31 PM, Robin H. Johnson wrote:
> > Just a heads up,
> >
> > DNSSEC is now live on *.dev.gentoo.org hosts.
>
> So for those that had to look up some or all of what Robin mentioned,
> I'll summarize below.
F

Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org

2013-01-07 Thread Benjamin Lee
On 01/07/2013 06:34 AM, Maxim Kammerer wrote:
> browser plugins? Also, how widespread is client DNSSEC support? E.g.,
> I enabled DNSSEC for my domain, but not sure yet whether DNS
> resolution anywhere will fail in case DNS responses are spoofed.
Comcast runs dnssec-failed.org, which is convenien

Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org

2013-01-07 Thread Maxim Kammerer
On Mon, Jan 7, 2013 at 10:59 PM, Robin H. Johnson wrote:
> Firefox:
> Plugin needed:
> https://os3sec.org/
Doesn't work for me (no effect), stalls browser for long periods of time.
> Chrome:
> Already included in stock, see
> http://www.imperialviolet.org/2011/06/16/dnssecchrome.html
What seems

Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org

2013-01-07 Thread Robin H. Johnson
On Mon, Jan 07, 2013 at 04:34:09PM +0200, Maxim Kammerer wrote:
> On Mon, Jan 7, 2013 at 3:31 AM, Robin H. Johnson wrote:
> > Thereafter, I'd also like to deploy DANE and SSH
> > fingerprints in DNS, and remove our reliance any elements of the CA
> > chain.
> Isn't DANE highly experimental and onl

Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org

2013-01-07 Thread Peter Stuge
Maxim Kammerer wrote:
> Also, how widespread is client DNSSEC support? E.g., I enabled
> DNSSEC for my domain, but not sure yet whether DNS resolution
> anywhere will fail in case DNS responses are spoofed.
There is a gap between applications asking resolvers to do lookups and resolvers which can

Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org

2013-01-07 Thread Maxim Kammerer
On Mon, Jan 7, 2013 at 3:31 AM, Robin H. Johnson wrote:
> Thereafter, I'd also like to deploy DANE and SSH
> fingerprints in DNS, and remove our reliance any elements of the CA
> chain.
Isn't DANE highly experimental and only supported by a couple of browser plugins? Also, how widespread is clien

Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org

2013-01-06 Thread Paweł Hajdan, Jr.
On 1/6/13 5:31 PM, Robin H. Johnson wrote:
> Just a heads up,
>
> DNSSEC is now live on *.dev.gentoo.org hosts.
Wow, that sounds pretty cool to me! This could be a nice news: "Gentoo one of the first to deploy DNSSEC" - what do you think? :)
Paweł

Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org

2013-01-06 Thread Doug Goldstein
On Sun, Jan 6, 2013 at 7:31 PM, Robin H. Johnson wrote:
> Just a heads up,
>
> DNSSEC is now live on *.dev.gentoo.org hosts.
So for those that had to look up some or all of what Robin mentioned, I'll summarize below.
>
> There is a DLV anchor registered at dlv.isc.org, so all public DNSSEC
> loo

[gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org

2013-01-06 Thread Robin H. Johnson
Just a heads up,
DNSSEC is now live on *.dev.gentoo.org hosts.
There is a DLV anchor registered at dlv.isc.org, so all public DNSSEC lookups within the domain should work fine.
Here's visualisation on my two test cases:
http://dnsviz.net/d/dev.gentoo.org/dnssec/
http://dnsviz.net/d/mv78100.arm.d