[Dnssec-trigger] Using dnssec-trigger when the forwarder lies
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Tue Jan 3 08:56:15 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
The mission of dnssec-trigger is DNSSEC.
Circumvention of (ill-conceived perhaps) laws is not the goal.
This sort of thing goes on to require full VPN style solutions, if the
conflict becomes serious, also dnssec-trigger is not a VPN by all means.
The fact it can circumvent accidentally (i.e. DNSSEC support not
detected in filter-device, but alternative has no filter) is a failure
of the filtering party to conform to standards.
As much as I dislike censorship, this tool is to provide DNSSEC, not
censor-free-VPN. DNSSEC will detect and stop tampering, as you note.
Such a circumvention tool is perhaps better suited as a different
piece of add-on software? It would help, also with classification in
software repositories, and this may help uptake of DNSSEC by
distributions.
Best regards,
Wouter
On 01/03/2012 12:40 AM, Bill Owens wrote:
> On Mon, Jan 02, 2012 at 05:55:52PM -0500, Bill Owens wrote:
>> On Mon, Jan 02, 2012 at 10:49:31PM +0100, Stephane Bortzmeyer
>> wrote:
>>> [A bit of context: on 30th december 2011, the French
>>> governement published the decree mandating DNS - yes, DNS is
>>> explicitely the technque to use - filtering of online gambling
>>> sites. The problem may also happen with the US project SOPA and
>>> many others.]
>>
>> Just curious, and I can't seem to find anything specific about
>> this measure - does the decree have anything to say about
>> circumvention measures? Such as, for example, software that
>> automatically switches nameservers in order to avoid the
>> blocking? ;)
>
> Aha, of course you'd already blogged about it and tweeted the link,
> but since I am very limited in my language skills I had not
> noticed. Google Translate to the rescue (and there's nothing about
> circumvention, at least in the version I found/translated).
>
> BIll. _______________________________________________
> dnssec-trigger mailing list dnssec-trigger at NLnetLabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/dnssec-trigger
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJPAsKuAAoJEJ9vHC1+BF+N4f0QAJZb8CqrMQKM/sd/1pneOlj3
AwFFG7OmTNw/KihqQ0yjvz4LqKB/0goenntbjeLDFKB0MqC4RhIhZM7zqzmYvn2u
a1365ImYfuDONcxbATKtDENLxm/EQW9+gF18RqVqKHnk4nzlpr3f6F8csh1tdWZP
LtW9zkP0Ak1bPG/JnvJRo19I/Nr0VFPHlZ4YN6EdvOzLc6uG2bK3YiTRtYD897AG
WACi/iHrhRTB6ZsDdlcsa6KECXOBPLKlp08g71crP+uq1DBlYtuPWGoiwelUItZr
V2tIk/b0lXXVrG0BAaN1Kqz/mTvVjAVkAHXKo2/gLF7iHq0PmMG6l7xje800hQb+
Hz9X48hyXQb9B/E9n4KYHXekj/UAAasVXyyYZOhiEvdva1bJqm2aRR2M3RSIWEqv
rDYP7HgAet/DEcpJiaMsQTJ0wXwzbAXHAdv2nt+P3sYh7L5xSHbnTnQIN0AIUgeT
N1yXn0zCDkrpaCfSVR2kOErMUX8hY+2ACxm5cIBvrYBYLYZAudu+dsbOgxsakf0x
AJhQ6kiEqQ8lLsq0AXXQtB/P6NL/BRalJzvRJRqHELpjBd7BlfNj30Nkwz2Hmxur
mn0ACOqAAniYS+ibEELOlwNboBuNLM26EcNN9cPDB1lKeUmot0ia75uyRb/ksfhB
XoZ6EloghMHuenkxOE4k
=T6ZN
-----END PGP SIGNATURE-----
More information about the dnssec-trigger
mailing list