[dns-operations] DNSSEC DANE testing

Marco Davids (SIDN) marco.davids at sidn.nl
Wed Sep 12 12:24:25 UTC 2012

On 08/23/12 20:02, Paul Wouters wrote:

> I put up the xpi as well, you can grab it at:
> http://people.redhat.com/pwouters/mozilla-extval-0.7.xpi

I like it.

However, there might be room for improvent in the wording of the the

I deliberately broke the TLSA record (https://forfun.net/) and the
message is (in green):

"Domainname is secured by DNSSEC and the certificate is validated by CA."

Both true, but as a paranoid user, I would have appreciated a little bit
more information, like:

"... but the certificate did not pass a DANE check"

(or something similar)



More information about the dns-operations mailing list