This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Building consensus over DNSSEC enhancements to glibc.

From: Rich Felker <dalias at libc dot org>
To: Carlos O'Donell <carlos at redhat dot com>
Cc: GNU C Library <libc-alpha at sourceware dot org>
Date: Wed, 4 Nov 2015 20:23:29 -0500
Subject: Re: Building consensus over DNSSEC enhancements to glibc.
Authentication-results: sourceware.org; auth=none
References: <563A6E40 dot 9040508 at redhat dot com>

On Wed, Nov 04, 2015 at 03:44:48PM -0500, Carlos O'Donell wrote:
> Community,
> 
> I have written up a summary of the mailing list discussions
> surrounding DNSSEC and the enhancements required to better
> support it in glibc.
> 
> https://sourceware.org/glibc/wiki/DNSSEC
> 
> Any thoughts or comments would be much appreciated.

While I'm not opposed to clean ways to expose DNSSEC trust to
applications, I don't see a bit libc role in the ideal client setup:
you just run a local nameserver that verifies DNSSEC and replies with
ServFail upon receiving forged reslts/results that are supposed to be
signed but aren't.

Rich

Follow-Ups:
- Re: Building consensus over DNSSEC enhancements to glibc.
  - From: Petr Spacek

References:
- Building consensus over DNSSEC enhancements to glibc.
  - From: Carlos O'Donell

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]