On Feb 17, 2013, at 11:50 AM, Ted Lemon <ted.le...@nominum.com> wrote:

> On Feb 17, 2013, at 2:32 PM, Paul Hoffman <paul.hoff...@vpnc.org>
> wrote:
>> Please: no. If I have local validation turned on for my own host, and there 
>> is a site I need to get to but it has broken signatures, I would like a GUI 
>> that says "this zone has broken signatures; ignore validation failures for 
>> 60 minutes?".
> 
> Training users to bypass security. This is extremely bad security UI
> design. MUST NOT level bad. How does the user distinguish between
> "attack" and "mistake"? I don't even know how I would do it, and I have at
> least some vague understanding of the security model of DNSSEC, which is a
> genuine rarity. What's the point of having a validating resolver if
> validation can be skipped with a click?

Because I am my own operator. Yes, you want to be my nanny; no, I didn't ask 
you to be.

> Having a configurable negative trust anchor zone isn't as good as having 
> DNSSEC that can be counted on to always be configured correctly, but it's a 
> lot better than a UI like this.

That would work for me too, but not "you're a host, so you cannot use negative 
trust anchors", which is what Jason's proposed text said.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
