Your message dated Thu, 30 May 2024 13:53:10 +0200
with message-id <[email protected]>
and subject line Re: Bug#760471: dns-root-data: Include support for local
DNSSEC data
has caused the Debian Bug report #760471,
regarding dns-root-data: Include support for local DNSSEC data
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
760471: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760471
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dns-root-data
Severity: wishlist
As per IRC conversation, it would be very useful if dns-root-data
supported providing local DNSSEC data to the various resolvers in
addition to the root data itself.
The use would be for Debian (for instance) to have the debian.org keys
shipped onto the host to mitigate . or .org. being compromised.
I have no strong opinions on exactly what the implementation should look
like, but if you need input on it, feel free to poke and I'll chime in.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
--- End Message ---
--- Begin Message ---
On Sep 04, Tollef Fog Heen <[email protected]> wrote:
> As per IRC conversation, it would be very useful if dns-root-data
> supported providing local DNSSEC data to the various resolvers in
> addition to the root data itself.
>
> The use would be for Debian (for instance) to have the debian.org keys
> shipped onto the host to mitigate . or .org. being compromised.
I think that at this point (10 years later) we know better and have
learnt to avoid key pinning.
--
ciao,
Marco
signature.asc
Description: PGP signature
--- End Message ---
