Feature #175
Security (DNSsec) could be used to verify package updates
| Status: | New | Start date: | 05/23/2011 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Evan Hunt |
% Done: | 0% |
|
| Category: | - | Spent time: | 1.00 hour | |
| Target version: | Cerowrt-Next |
Description
Security (DNSsec) could be used to verify package updates among other things.
History
Updated by Dave Täht almost 2 years ago
- Assignee set to Evan Hunt
- Target version set to 1st Public Cerowrt release
I hope to get around to signing bufferbloat.net shortly. That gets me to being able to use it from an update system that uses wget by default.
Updated by Michael Graff almost 2 years ago
Just because the domain name to IP address mapping is secure, that does not mean the TCP connection will not be trapped by some transparent proxy sitting in an ISP or that your data was received unmodified...
Might be better to create a certificate authority, and install it in the router itself, so you can make truly secure TLS connections.
Updated by Dave Täht almost 2 years ago
A problem is every CA seemingly has to be slightly different to handle a vpn, a web site, etc. but I'd dearly like to do this.
Updated by Dave Täht almost 2 years ago
- Target version changed from 1st Public Cerowrt release to 13
Updated by Jim Gettys over 1 year ago
- Project changed from ISCWRT to Cerowrt
Updated by Dave Täht about 1 year ago
- Target version changed from 13 to Cerowrt-Next