Re: DNSSEC indicator

> From: <michael.mccormick@wellsfargo.com>
> Date: Fri, 13 Apr 2007 13:33:25 -0500
> Subject: RE: DNSSEC indicator
> 
> I still think DNSSEC will be more valuable if it's visible to the end
> user.  True, most won't care.  But some will, especially if it can be
> presented in an intuitive and jargon-free fashion in the UI.

   OK.  If we want the information to be actionable, can you describe an
action that would be different if the user sees DNSSEC is present or absent
and that couldn't be acted on automatically by the user's agent?
 
> I think this discussion goes right to the heart of the core WSC premise:
> We believe today's browsers display security context in a way that is
> incomplete, misleading, misunderstood, and therefore often ignored.  We
> believe it should be possible for browsers to display security context
> that is more accurate, complete, intuitive, and actionable.
> (If we didn't believe this why would we invest time in the WSC WG?)

   I'll admit that I'm not convinced that the solution is more information
being made available to users.  I, for one, am participating in part because
I'd like to make sure the working group does not repeat mistakes that have
been made by others in the past.  One of those mistakes is providing users
with security information that they may not need and don't know how to use
to make decisions.

   Browsers don't currently report the SSL cipher, destination IP address,
or other security information needed to provide a "complete" security
picture.  I'm OK with that.
    
> I feel DNSSEC -- if it comes to fruition -- is too important a piece of
> the security context for us to ignore it.

   I'd be more convinced if you could provide an explanation of how users
would be able to apply an indication of the presence or absence of DNSSEC to
better inform their decisions.
 
> ------ Forwarded Message
> From: "Stuart E. Schechter" <ses@ll.mit.edu>
> Subject: Re: DNSSEC indicator
> 
>> From: <michael.mccormick@wellsfargo.com>
> 
> ...  
>> My personal opinion is DNSSEC should probably be another input to the
>> agent security context display along with the others we've talked
>> about (e.g., SSL/TLS).  There are some practical obstacles to overcome
> 
>> -- for instance the name resolver built into the client OS or browser
>> has to be DNSSEC-capable as a prerequisite for this -- but it seems it
> 
>> ought to be on the roadmap.  I believe DNSSEC has more potential
> benefit if it's visible to end users.
> 
> Michael:
> 
>    I'm a strong advocate of DNSSEC, but I'm certain it will fail users
> are required to notice an indictor of its presence or absence.  SSL
> indicators are visible to end users and users don't notice them.
> 
>    I have been working on a new standard that would employ DNSSEC to
> reduce, rather than increase, the amount of security information that
> users need to be made aware of.  The standard removes the need for users
> to pay attention to the browser padlock icon and other HTTPS indicators.
> When I've talked to folks at Mozilla and on Microsoft's IE team, I've
> found the generally agree that this is the area where DNSSEC can provide
> value to them.  Alas, because it introduces a new record into the DNS,
> it is out of scope for this working group.
> 
>    When it comes to security indicators, more is not necessarily better.
> 
>    Cheers
> 
>    Stuart
> 
> 
> 
> 
> 

Received on Friday, 13 April 2007 19:50:02 UTC