Extended DNSSEC Validation

Two new Firefox plugin options for DNSSEC validation

1) DNSSEC Validator 1.1.4 from CZ.NIC Labs is available on the Mozilla plugin site

DNSSEC Validator gets DNS records for a domain name used in page address and compares them to IP addresses Firefox used to download the page. If the records contain DNSSEC signatures which can be validated, the user is protected by DNSSEC. Otherwise the user could have been a victim of DNS spoofing. The result of the comparison is displayed as green/orange/red key right in the address bar.

2) Alpha code tested with beta Firefox 4 is available from os3sec.org

Extended DNSSEC Validator is an add-on for the Mozilla Firefox 4 beta web browser, which allows you to check the existence and validity of DNSSEC signed DNS records for domains. If a valid DNSSEC chain to the domain has been found, it checks for the existence of TXT or TLSA records that can store a copy of the hash of the HTTPS certificate. The results are shown in the address bar using the same scheme that Firefox already employs (identity box). This allows owners of DNSSEC enabled domains to securely deploy self-signed certificates or provide additional trust in their CA-signed certificates.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.