[Dnssec-trigger] Using dnssec-trigger when the forwarder lies
wouter at NLnetLabs.nl
Tue Jan 3 08:56:15 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
The mission of dnssec-trigger is DNSSEC.
Circumvention of (ill-conceived perhaps) laws is not the goal.
This sort of thing goes on to require full VPN style solutions, if the
conflict becomes serious, also dnssec-trigger is not a VPN by all means.
The fact it can circumvent accidentally (i.e. DNSSEC support not
detected in filter-device, but alternative has no filter) is a failure
of the filtering party to conform to standards.
As much as I dislike censorship, this tool is to provide DNSSEC, not
censor-free-VPN. DNSSEC will detect and stop tampering, as you note.
Such a circumvention tool is perhaps better suited as a different
piece of add-on software? It would help, also with classification in
software repositories, and this may help uptake of DNSSEC by
On 01/03/2012 12:40 AM, Bill Owens wrote:
> On Mon, Jan 02, 2012 at 05:55:52PM -0500, Bill Owens wrote:
>> On Mon, Jan 02, 2012 at 10:49:31PM +0100, Stephane Bortzmeyer
>>> [A bit of context: on 30th december 2011, the French
>>> governement published the decree mandating DNS - yes, DNS is
>>> explicitely the technque to use - filtering of online gambling
>>> sites. The problem may also happen with the US project SOPA and
>>> many others.]
>> Just curious, and I can't seem to find anything specific about
>> this measure - does the decree have anything to say about
>> circumvention measures? Such as, for example, software that
>> automatically switches nameservers in order to avoid the
>> blocking? ;)
> Aha, of course you'd already blogged about it and tweeted the link,
> but since I am very limited in my language skills I had not
> noticed. Google Translate to the rescue (and there's nothing about
> circumvention, at least in the version I found/translated).
> BIll. _______________________________________________
> dnssec-trigger mailing list dnssec-trigger at NLnetLabs.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the dnssec-trigger