[Dnssec-trigger] dnssec trigger snapshot 0.8 SSL test
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Tue Nov 8 14:54:34 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
There is a snapshot of 0.8 available. Dnssec trigger is experimental
and not ready for production use. The aim is to figure out how to do it
for production use (and normal people).
The snapshot here has the mac install bug (erroneous error) fixed.
The snapshot contains the SSL fallback. For this you need unbound from
svn trunk (the osx and windows binaries include this unbound version),
that supports SSL queries. It can then maybe use this functionality.
However, it is currently unknown if this works - it works in lab
conditions, however the issue seems that the code fails in a real
(hostile deep-packet-thingy) network in a hotel (or other spot). Where
another test (plain https over ssl) seems to work.
If you want to install this, please try out in such networks. If the
ssl443 fallback really works. And if ssl443 fails, if then https also
fails (i.e. try some https site, such as nlnetlabs.nl (signed with
CAcert)). The idea is to gain confidence that the ssl fallback really
provides tangible benefit.
The server is also changed, to a new server at NLnet Labs that can do
SSL. Upon a final release the old server would be decommissioned. The
server is provided as-is, and there are no service and uptime guarantees.
http://www.nlnetlabs.nl/~wouter/dnssectrigger-0.8_20111108.dmg
http://www.nlnetlabs.nl/~wouter/dnssec_trigger_setup_0.8_20111108.exe
http://www.nlnetlabs.nl/~wouter/dnssec-trigger-0.8_20111108.tar.gz
sha1 5e55e1b1d685bdda75bd2ce4e4d617fa7b8cd995
sha256 954f58ed071f7e5366f68c152eae06307c573ca95ef2962b524119a0ccf2810e
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJOuUKqAAoJEJ9vHC1+BF+NOrsQAK9FB9V3+7RUXlzH97hrxjus
fTCYFYOzZxa1kzkFBb4O7BGbd6YqvgQuTnQBz5rR7rB6wtIm0J99ljGIuDrvaI6P
pzu48pfjv/KHTXIH6V1NdkQltKGd/vQe94SLoEkqs9DNqffNRE4qKjN3tVvsZx+3
rh4wUtS2bEk7L7ptGicP0jg4ubqR72awAUd3WODN99XjYVsLIqXFYCsbKCjk6bLf
rKswF1/flVVy/e31Fiu9gy1FZ+nh4g8zHyb+5QT+AMpjgESuizm/PD3/qv5EMNjk
3Qcw4BLla7LyI/2cD5s4ahh9KkiGHLnvF4YDG/v9kv2HtQQ1bOblssFHP+1M1NL/
tYgQnXXnZb0544jb3HqrtuSJjcK64NeOxDQnZ+EkUDk015aKtHKwsnz4yMIx/G3o
dVdcQfkajIMy8g1bdXFC6yM80oUsOk82XQ8gvKmIr3TMg4iwJYaxjYAxwNaFltyN
dhGCNxhKsoyZp0bOMMqJw1225Z9Yb3ZaWTGGdanXNpiI3+AxULkr14VMEqHYQygK
AOrKxTqns8O9oUMZe/nOun23xu3OylVyTYmQuiAlpDsDJLgtAuL3uDGqXS+5VuZV
0JT0M9CF5ceNDQUW67agTs6pacEisE5Kwyt9CNqOWLg5WO2J6O6tKbWBz7RaWeBo
8rTwXaDnOMntIb7Gzvsy
=v6VM
-----END PGP SIGNATURE-----
More information about the dnssec-trigger
mailing list