- Noté 5 sur 5par Asclepius, il y a 2 ansThank you for this add-on. I just hope (since it isn't a "recommended" extension) that it is trustworthy. Aside from that concern, it serves its purpose. It would be nice if Firefox had built-in DNSSEC validation.
- Noté 4 sur 5par Utilisateur ou utilisatrice 15136226 de Firefox, il y a 3 ansThis add on works well, however there are some issues as pointed out by other reviewers. I would like to note that ECDSAP256SHA256 works for me. It would also be nice if the add on verified https sites with DANE pinned certificates.
- Noté 4 sur 5par Utilisateur ou utilisatrice 14672905 de Firefox, il y a 3 ansIt's great! And yes, would be even better once we have custom DNS, over TLS or not.
But this is a feature I have been waiting for so long, so I'm not going to hide my current feeling about this extension, it's awesome!!
- Noté 2 sur 5par Utilisateur ou utilisatrice 14514156 de Firefox, il y a 4 ansI would give at least 4 stars, if it would use my local resolver instead of using google/cloudflare for DNS lookups.
Reason behind the downgrade:
1. it introduces a single point of failure:
if either of those sites can't answer, _ALL_ users of this extension (who have configured that site) can't use it, if it would use the local resolver and that failed it would be just the users of the local machine who experience that problem.
2. it is a privacy hazard:
a hacker needs to crack only a single (ok: two) machine(s) to get a complete log of who on this world tried to communicate with which web server....
if it would use the local configured resolver that _might_ still be a problem, depending on the configuration of said resolver, but mostly (I hope) those will contact multiple authoritative servers to walk from the root to the leaf containing the desired information and only the _last_ server will know which site I wanted to contact, but there it's irrelevant, since _that_ site knows it anyway.... (btw.: _THIS_ is the reason why I disabled this extension)
3. it can't verify local domains
according to 'dig' my own domains are DNSSEC enabled and working correctly, still your extension reports them as unsigned because there is no global glue record, as such while it is reachable from the world (via dyndns), the world doesn't see the DNSSEC information stored on my local dns-server.
- Noté 4 sur 5par Utilisateur ou utilisatrice 12739246 de Firefox, il y a 4 ansGreat addon !
It just lacks the ability to set a custom DNS resolver, and the TLSA support.
Besides, the UI doesn't integrate well with a dark theme on Linux (KDE here, but I suspect it will be the same for another window manager), as the background of the tooltip gets its color from the system, and the font color seems to be hardcoded in black.
Oh, and I didn't find any link to the sourcecode. Is it available ? :)