Neal Becker wrote: >This quote caught my attention: > >DNSSEC deployment guides go so far as to recommend against deployment >of DNSSEC validation on end-systems.
Where are those guides, who wrote them, and what are their arguments against local validation? >So significant is the inclination >against extending DNSSEC all the way to desktops that an additional >protocol extension (TSIG) was designed in part to provide that >capability. TSIG requires the client to trust that the server performs the validation correctly and doesn't lie about it. It may be useful within an organization where the same group of administrators control both servers and clients, but not on a laptop that connects to random hotspots. -- Björn Persson
pgp9VSEtKbZoN.pgp
Description: OpenPGP digital signatur
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
