<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 08/23/2012 12:10 PM, sandoche
BALAKRICHENAN wrote:<br>
</div>
<blockquote cite="mid:50360192.7080806@afnic.fr" type="cite">
<meta http-equiv="Context-Type" content="text/html;
charset=ISO-8859-1">
<br>
<blockquote
cite="mid:201207311641.q6VGf8EK078660@calcite.rhyolite.com"
type="cite">
<pre wrap="">After several hours fiddling around with Centos and Ubuntu, I got
mozilla-extval-0.7-2.fc16.noarch.rpm converted and installed with
dpkg on the Ubuntu system.
Firefox whined that the add-on is corrupt and claimed to have refused
to install it, but installed something that says it is "DNSSEC/TLSA
Validator 0.7". After giving it the IP address of my resolver, I
watched the resolver log for requests for TLSA qtypes and _tcp qnames
as I looked at <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://fedoraproject.org">https://fedoraproject.org</a> I see only A and AAAA requests
for fedoraproject.org
</pre>
</blockquote>
<br>
</blockquote>
==> I installed the updated version of os3sec by Paul Wouters and
tested for the link <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E" href="https://dane.rd.nic.fr">"https://dane.rd.nic.fr"</a>
which has TLSA RR's in its zone. I can see the queries for TLSA
types. Please see the snapshot of wireshark. <br>
<br>
While you click on the lock symbol in the link
<a class="moz-txt-link-freetext" href="https://dane.rd.nic.fr">https://dane.rd.nic.fr</a> you can see the comment "Domain name is
secured by DNSSEC and the certificate is validated by DNSSEC". Does
this mean TLSA Validation is done ?<br>
<br>
I have a question for Paul. In the preferences section for the
add-on i specified the IP address of a resolver. But from the
wireshark snapshot i can see the browser has accessed my default
resolver. Is this a bug ?<br>
<br>
<br>
Thanks,<br>
Sandoche.<br>
</body>
</html>