Security (DNSsec) could be used to verify package updates
Added by Dave Täht on
May 23, 2011. Updated on
Apr 21, 2012.
Security (DNSsec) could be used to verify package updates among other
Updated by Dave Täht on Jul 10, 2011.
I hope to get around to signing bufferbloat.net shortly. That gets me to
being able to use it from an update system that uses wget by default.
Updated by Michael Graff on Aug 23, 2011.
Just because the domain name to IP address mapping is secure, that does
not mean the TCP connection will not be trapped by some transparent
proxy sitting in an ISP or that your data was received unmodified…
Might be better to create a certificate authority, and install it in the
router itself, so you can make truly secure TLS connections.
Updated by Dave Täht on Aug 24, 2011.
A problem is every CA seemingly has to be slightly different to handle a
vpn, a web site, etc. but I’d dearly like to do this.
Updated by Dave Täht on Sep 1, 2011.
Updated by Jim Gettys on Sep 20, 2011.
Updated by Dave Täht on Apr 21, 2012.
This is a static export of the original bufferbloat.net issue
database. As such, no further commenting is possible; the
information is solely here for archival purposes.