[dns-operations] DNSSEC DANE testing
Warren Kumari
warren at kumari.net
Thu Sep 20 05:06:55 UTC 2012
On Sep 12, 2012, at 4:44 PM, Paul Wouters <paul at cypherpunks.ca> wrote:
> On Wed, 12 Sep 2012, Marco Davids (SIDN) wrote:
>
>> On 08/23/12 20:02, Paul Wouters wrote:
>>
>>> I put up the xpi as well, you can grab it at:
>>> http://people.redhat.com/pwouters/mozilla-extval-0.7.xpi
>>
>> I like it.
>>
>> However, there might be room for improvent in the wording of the the
>> messages.
>>
>> I deliberately broke the TLSA record (https://forfun.net/) and the
>> message is (in green):
>>
>> "Domainname is secured by DNSSEC and the certificate is validated by CA."
>>
>> Both true, but as a paranoid user, I would have appreciated a little bit
>> more information, like:
>>
>> "... but the certificate did not pass a DANE check"
>>
>> (or something similar)
>
> It should do that. When I check your domain it tells me there is no TLSA
> record, but I checked all name servers and it is there (and incorrect)
>
> I'll add it on my TODO list :)
Awesome, thank you Paul….
Just wanted to mention again that this is great….
W
>
> Paul
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
More information about the dns-operations
mailing list