W3C home > Mailing lists > Public > public-wsc-wg@w3.org > April 2007

Re: DNSSEC indicator

From: Thomas Roessler <tlr@w3.org>
Date: Thu, 26 Apr 2007 11:35:11 +0200
To: michael.mccormick@wellsfargo.com
Cc: ses@ll.mit.edu, public-wsc-wg@w3.org, kjell.rydjer@swedbank.se, steve@shinkuro.com, public-usable-authentication@w3.org
Message-ID: <20070426093511.GS1542@raktajino.does-not-exist.org>

(CC to the public comment list, since some folks who aren't on the
WG are copied on this conversation.)

On 2007-04-13 13:33:25 -0500, michael.mccormick@wellsfargo.com wrote:

> I still think DNSSEC will be more valuable if it's visible to the
> end user.  True, most won't care.  But some will, especially if
> it can be presented in an intuitive and jargon-free fashion in
> the UI.

So, a user encounters a DNSSEC indicator.  That means that they got
the mapping from the domain name to the IP address securely.  It
doesn't tell them *anything* about the security of the conversation
that goes on on higher protocol levels.

On the other hand, if TLS is in place, the security of the
connection doesn't really depend on DNSSEC, so the presence or
absence of that indicator wouldn't provide any particularly useful
information.

Maybe one of you guys could enlighten me what user decision such an
indicator would reasonably support?

Thanks,
-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Thursday, 26 April 2007 09:35:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:47 GMT