On Wed, 9 Feb 2011 14:01:37 +0000 (UTC), Lutz Donnerhacke wrote:
Currently almost all ISP's validating resolvers will return the "invalid"
data without the AD bit set. So the widly used plugins for Firefox and MSIE will report an warning in the address line.
I do expext this way to become the default resolution policy. If you need
the validation, you will rely on the AD bit or use the newer API
(val_get...) to provider much better error messages to the user. Thanks Lutz. For anyone interested, here is the link to the nic.cz plugin for Firefox http://www.dnssec-validator.cz The INternet Explorer version is at: http://cs.mty.itesm.mx/dnssecmx/index.php/executable Of course this will only work if your ISP has enabled DNSSEC on its resolvers, or if you are running your own. One suggestion was to invite Mozilla/Opera/IE/Chrome and Safari developers to speak about their project related to DNSSEC, if any. I am not sure this suggestion will go through. It would make sense, IMHO. Cupertino and Mountain View are in the neighbourhood of San Francisco after all. Patrick