[dns-operations] DNSSEC DANE testing
WBrown at e1b.org
WBrown at e1b.org
Tue Jul 31 17:16:25 UTC 2012
Vernon wrote on 07/31/2012 12:41:08 PM:
> Thanks anyway and no offense intended. Even if I could make it
> work, a browser add-on wouldn't get me toward my real goal of a
> little security for my web pages without paying for the pretense
> of commercial pkix security.
But until browsers support DANE to the same level they support the
commercial SSL root certificates, there's little benefit. I'd like to see
it happen, just not holding my breath.
You could implement something like
http://jpmens.net/2012/07/30/is-my-web-site-being-used-via-dnssec-validator/
to detect who is using secure DNS results and react as appropriate.
Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.
More information about the dns-operations
mailing list