DNSSEC incelemeleri
DNSSEC geliştiren: Antoine POPINEAU
00dani adlı kullanıcının incelemesi
5 üzerinden 2 puan
yazan: 00dani, 6 yıl önceFour stars for functionality, minus two because the implementation goes through Google. Yes, much the same as every other review so far - I'm actually writing this review to let you know that you don't actually need to trust any external HTTPS service to handle this!
Specifically, the Chrome version of DNSSEC/TLSA Validator, the extension you're clearly attempting to replicate, suffers from the same WebExtensions restrictions that modern Firefox does. Rather than trust an external service, however, they work around the issue through a WebExtensions feature called native messaging: a compiled binary is installed onto the system, which can do whatever it likes locally including make its own DNS queries, and then the WebExtension can ask that binary to check DNSSEC status when necessary.
Yes, it's a little bit of a hassle to install the necessary binary in the first place, since the browser won't install it automatically, but it's much more secure than trusting any external service - and it's no different to how the Chrome version of DNSSEC/TLSA Validator works right now.
I can confirm that Firefox supports this exact same approach, since I use several WebExtensions in Firefox this way (browserpass and bukubrow, specifically!). I don't know why the folks behind the DNSSEC/TLSA Validator haven't simply released a Firefox 57+ extension that uses native messaging, exactly like their existing Chrome extension, but it's definitely something you could do. :)
Specifically, the Chrome version of DNSSEC/TLSA Validator, the extension you're clearly attempting to replicate, suffers from the same WebExtensions restrictions that modern Firefox does. Rather than trust an external service, however, they work around the issue through a WebExtensions feature called native messaging: a compiled binary is installed onto the system, which can do whatever it likes locally including make its own DNS queries, and then the WebExtension can ask that binary to check DNSSEC status when necessary.
Yes, it's a little bit of a hassle to install the necessary binary in the first place, since the browser won't install it automatically, but it's much more secure than trusting any external service - and it's no different to how the Chrome version of DNSSEC/TLSA Validator works right now.
I can confirm that Firefox supports this exact same approach, since I use several WebExtensions in Firefox this way (browserpass and bukubrow, specifically!). I don't know why the folks behind the DNSSEC/TLSA Validator haven't simply released a Firefox 57+ extension that uses native messaging, exactly like their existing Chrome extension, but it's definitely something you could do. :)