[Dnssec-trigger] bugzilla can be used to file dnssec-trigger bug reports via the web browser

W.C.A. Wijngaards wouter at nlnetlabs.nl
Thu Jan 26 21:55:05 UTC 2012


Hi Paul,

On 01/26/2012 03:56 PM, Paul Wouters wrote:
> On Thu, 26 Jan 2012, W.C.A. Wijngaards wrote:
> 
>> There is a bugzilla location for dnssec-trigger bug reports:
>> http://nlnetlabs.nl/bugs-script/enter_bug.cgi?product=dnssec-trigger
>>
>> So we can track them, and it is friendly to non-mailinglist-members
>> that want to file a bug report.
> 
> So let me use this opportunity to talk about features :)

Yes, this is an experimental product to see how we can have DNSSEC at
end hosts.

> The first is, why do we need to have the user decide when to switch from
> hotspot mode to secure mode?

There are two insecure modes right now:
hotspot mode: user chose hotspot mode to sign in. stay insecure until
reprobe menu item.
insecure dialog: probe failed, insecure dialog shown to user (disconnect
or insecure?).  Silent reprobes with timeouts in the background (with no
popups, but if secure, takes it).

> Why can't we probe every 5 seconds? Perhaps
> with some exponential backoff? I really would like to see that process
> automated - it should not need user input.

Yes, if the insecure-ness was because of a failed probe, then an
exponential backoff timer is implemented today.

If insecure-ness is because user chose hotspot-mode we keep that mode
until the user clicks to exit it.  Because, as Stephane found out, some
hotspots can have DNSSEC (via some workaround), but then you cannot
actually sign-on anymore (that uses the insecure local cache).

This user hotspot and reprobe menu item thing works with you tech-guys,
but it is difficult.  I would like something easier, but I do not know
how to help the user here.  To dnssec-trigger everything may seem to be
fine (dnssec with some workaround, yay), but then the web browser cannot
connect anywhere and cannot sign-in either ...

> The second is, with Linux, there is network manager that keeps track of
> connections and properties. It would be nice if we could store and
> remember the brokenness/failures so when we reconnect to the same
> network, we could switch to the expected mode. This latter one is harder
> because hotspots function in two modes, pre and post the hotspot magic.

Yes.

Somehow know that 'hotspot signon' mode is necessary, and sign-in
completion can trigger a reprobe somehow...

Best regards,
   Wouter
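The mode handling described in this message, sketched as a small state model on a simulated clock. This is an added example, not part of the original message and not dnssec-trigger code; the class and function names, the starting state (freshly joined network, first probe due immediately) and the timer values (10 s initial delay, 320 s cap) are assumptions.

```python
from enum import Enum
class Mode(Enum):
    SECURE = "secure"
    PROBE_FAILED = "insecure, probe failed"
    HOTSPOT_SIGNON = "insecure, hotspot sign-on"

class Trigger:
    def __init__(self, probe, initial=10, cap=320):   # seconds, assumed values
        self.probe = probe              # callable() -> True when DNSSEC works
        self.initial, self.cap = initial, cap
        self.mode, self.delay, self.next_probe = Mode.PROBE_FAILED, initial, 0

    def user_selects_hotspot(self):
        # Sticky by design: a DNSSEC path that "works" via a workaround must
        # not replace the insecure local cache while portal sign-on is pending.
        self.mode, self.next_probe = Mode.HOTSPOT_SIGNON, None

    def user_selects_reprobe(self, now):
        self.delay = self.initial       # manual reprobe resets the backoff
        self._run_probe(now)

    def tick(self, now):
        """Silent background reprobe; returns True if a probe ran."""
        if self.mode is not Mode.PROBE_FAILED or now < self.next_probe:
            return False
        self._run_probe(now)
        return True

    def _run_probe(self, now):
        if self.probe():
            self.mode, self.next_probe, self.delay = Mode.SECURE, None, self.initial
        else:
            self.mode = Mode.PROBE_FAILED
            self.next_probe = now + self.delay
            self.delay = min(self.delay * 2, self.cap)

def simulate(results, hotspot_at=None, reprobe_at=None, horizon=200):
    """Run on a simulated clock over constructed probe outcomes."""
    outcomes = iter(results)
    trig, times = Trigger(lambda: next(outcomes)), []
    for now in range(horizon):
        if now == hotspot_at:
            trig.user_selects_hotspot()
        if now == reprobe_at:
            trig.user_selects_reprobe(now)
            times.append(now)
        elif trig.tick(now):
            times.append(now)
    return times, trig.mode
```

With constructed outcomes `[False, False, False, False, True]` the silent probes run at 0, 10, 30, 70 and 150 seconds and the model ends in secure mode; once hotspot mode is selected no probe runs until the manual reprobe, even if DNSSEC would have validated.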


