[Dnssec-trigger] dnssec trigger snapshot 0.8 SSL test
wouter at NLnetLabs.nl
Tue Nov 8 14:54:34 UTC 2011
There is a snapshot of 0.8 available. Dnssec trigger is experimental
and not ready for production use. The aim is to figure out how to do it
for production use (and normal people).

The snapshot here has the mac install bug (erroneous error) fixed.

The snapshot contains the SSL fallback. For this you need unbound from
svn trunk (the osx and windows binaries include this unbound version),
that supports SSL queries. It can then maybe use this functionality.
However, it is currently unknown if this works: it works in lab
conditions, but the issue seems to be that the code fails in a real
(hostile deep-packet-thingy) network in a hotel (or other spot), where
another test (plain https over ssl) seems to work.

If you want to install this, please try it out in such networks, to see
if the ssl443 fallback really works and, if ssl443 fails, if https then
also fails (i.e. try some https site, such as nlnetlabs.nl (signed with
CAcert)). The idea is to gain confidence that the ssl fallback really
provides tangible benefit.

The server is also changed, to a new server at NLnet Labs that can do
SSL. Upon a final release the old server would be decommissioned. The
server is provided as-is, and there are no service and uptime guarantees.