This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Building consensus over DNSSEC enhancements to glibc.
- From: Rich Felker <dalias at libc dot org>
- To: Carlos O'Donell <carlos at redhat dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Wed, 4 Nov 2015 20:23:29 -0500
- Subject: Re: Building consensus over DNSSEC enhancements to glibc.
- Authentication-results: sourceware.org; auth=none
- References: <563A6E40 dot 9040508 at redhat dot com>
On Wed, Nov 04, 2015 at 03:44:48PM -0500, Carlos O'Donell wrote:
> Community,
>
> I have written up a summary of the mailing list discussions
> surrounding DNSSEC and the enhancements required to better
> support it in glibc.
>
> https://sourceware.org/glibc/wiki/DNSSEC
>
> Any thoughts or comments would be much appreciated.
While I'm not opposed to clean ways to expose DNSSEC trust to
applications, I don't see a big libc role in the ideal client setup:
you just run a local nameserver that verifies DNSSEC and replies with
ServFail upon receiving forged results that are supposed to be
signed but aren't.
Rich