[dns-operations] DNSSEC DANE testing

Warren Kumari warren at kumari.net
Thu Sep 20 05:06:55 UTC 2012


On Sep 12, 2012, at 4:44 PM, Paul Wouters <paul at cypherpunks.ca> wrote:

> On Wed, 12 Sep 2012, Marco Davids (SIDN) wrote:
> 
>> On 08/23/12 20:02, Paul Wouters wrote:
>> 
>>> I put up the xpi as well, you can grab it at:
>>> http://people.redhat.com/pwouters/mozilla-extval-0.7.xpi
>> 
>> I like it.
>> 
>> However, there might be room for improvent in the wording of the the
>> messages.
>> 
>> I deliberately broke the TLSA record (https://forfun.net/) and the
>> message is (in green):
>> 
>> "Domainname is secured by DNSSEC and the certificate is validated by CA."
>> 
>> Both true, but as a paranoid user, I would have appreciated a little bit
>> more information, like:
>> 
>> "... but the certificate did not pass a DANE check"
>> 
>> (or something similar)
> 
> It should do that. When I check your domain it tells me there is no TLSA
> record, but I checked all name servers and it is there (and incorrect)
> 
> I'll add it on my TODO list :)

Awesome, thank you Paul…. 

Just wanted to mention again that this is great….

W

> 
> Paul
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
> 




More information about the dns-operations mailing list