China, GitHub and the man-in-the-middle (Greatfire)
Posted Jan 31, 2013 17:36 UTC (Thu) by cesarb (subscriber, #6266)
Not possible, since the root DNSSEC key is distributed with the software. There is no warning dialog box a user can easily dismiss; the software simply returns SERVFAIL. And there is a single root DNSSEC key, which is out of their reach, unlike the SSL model which has several root keys.
The most they can do is block DNSSEC requests, forcing all DNS resolution to fail. Since the root is signed, if a DNSSEC validating resolver cannot validate the root, it will return SERVFAIL for all queries.
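An added example, not part of the comment above or of any resolver's code: a small Python check for the hard-fail behaviour described there. It goes beyond the comment by using the standard CD (checking disabled) comparison, where a query that gets SERVFAIL normally but an answer with CD=1 points to a DNSSEC validation failure rather than an outage. The function names, labels and sample headers are constructed for illustration.

```python
import struct

# DNS header flag bits (RFC 1035, with AD/CD from RFC 4035).
QR, AD, CD = 0x8000, 0x0020, 0x0010
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte header of a DNS response."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    return {"rcode": RCODES.get(rcode, str(rcode)),
            "ad": bool(flags & AD), "cd": bool(flags & CD), "answers": ancount}

def classify(normal: bytes, cd_set: bytes) -> str:
    """Compare replies to the same query sent with CD=0 and with CD=1."""
    n, c = parse_header(normal), parse_header(cd_set)
    if n["rcode"] == "SERVFAIL":
        # Data exists upstream, but the validator refused to hand it over.
        if c["rcode"] == "NOERROR" and c["answers"] > 0:
            return "validation-failure"
        return "resolution-failure"
    if n["ad"] and n["rcode"] in ("NOERROR", "NXDOMAIN"):
        return "validated"
    return "not-validated"

def make_header(flags: int, ancount: int) -> bytes:
    """Build a constructed 12-byte response header for the samples below."""
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)

# Constructed samples: QR|RD|RA = 0x8180, plus AD/CD/RCODE bits as noted.
SAMPLES = {
    "signed and valid": (make_header(0x81A0, 1), make_header(0x8190, 1)),
    "tampered or stripped": (make_header(0x8182, 0), make_header(0x8190, 1)),
    "upstream blocked": (make_header(0x8182, 0), make_header(0x8192, 0)),
    "unsigned zone": (make_header(0x8180, 1), make_header(0x8190, 1)),
}

if __name__ == "__main__":
    for name, (normal, cd_set) in SAMPLES.items():
        print(name, "->", classify(normal, cd_set))
```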
Posted Jan 31, 2013 22:05 UTC (Thu) by tialaramex (subscriber, #21167)
Posted Feb 1, 2013 9:43 UTC (Fri) by job (guest, #670)
Posted Feb 1, 2013 11:06 UTC (Fri) by hummassa (subscriber, #307)
Copyright © 2013, Eklektix, Inc.