On Tue, 25 Sep 2012, Warren Kumari wrote:

> Something that would be very helpful for getting this deployed /
> implemented in browsers is a number of folk (and more importantly,
> organizations) stating that they are planning on / would do DANE if
> the browsers supported it natively. Of course, even more helpful would
> be folk actually publishing TLSA records :-P

To this last point about getting more TLSA records published, would anyone be
interested in writing a step-by-step tutorial for how to publish a TLSA record?
Or collaborating on writing one?

If we had a page that was a simple set of steps it would be something we could
pass around and encourage people to consider doing.  I'm thinking of something
like:

Existing certificate:
 - get a copy of your TLS certificate
 - generate the appropriate hash using ____
 - create a DNS record that looks like "........."
 - publish record (including DNSSEC signing) and celebrate

New certificate:
 - generate a new TLS certificate using ____
 - install certificate in your web server (perhaps assume Apache for the
   tutorial)
 - generate the appropriate hash using ____
 - create a DNS record that looks like "........."
 - publish record (including DNSSEC signing) and celebrate

Now those steps may not be complete... this is just a first thought... and 
given that I've never deployed a TLSA record (but would like to) I don't know 
the exact steps. 

If anyone would be interested in creating something like this, I'd be glad to
publish it on our Deploy360 site (with attribution to you and a link to a site)
or if you publish it on your site I'd be glad to link to it from Deploy360.
Or if you'd like to collaborate with me on writing something, I'd be glad to
help with it.

Even if someone could sketch out the basic outline of the commands one would 
use for the steps above, I'd be glad to write some text narrative explaining 
the commands.

Anyone interested?

Thanks,
Dan


-- 
Dan York  [email protected]
http://www.danyork.me/   skype:danyork
Phone: +1-802-735-1624
Twitter - http://twitter.com/danyork



_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
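
The "generate the appropriate hash" and "create a DNS record" steps outlined in the message above, as an added example that is not part of the original message or of any DANE project's code. It assumes the RFC 6698 record form with usage 3, selector 1 (SubjectPublicKeyInfo) and matching type 1 (SHA-256) as defaults, the placeholder host www.example.com on port 443, and a constructed certificate-shaped DER skeleton in place of a real certificate; DNSSEC signing and publication are not covered.

```python
import hashlib
import ssl

def read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element that starts at pos."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def spki_from_cert(der):
    """Return the complete SubjectPublicKeyInfo element of a DER certificate."""
    _, cert_body, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(der, cert_body)    # tbsCertificate SEQUENCE
    fields = []
    while pos < tbs_end:
        tag, _, end = read_tlv(der, pos)
        fields.append((tag, der[pos:end]))
        pos = end
    if fields and fields[0][0] == 0xA0:           # optional [0] version
        fields.pop(0)
    # Remaining order: serial, signature, issuer, validity, subject, SPKI
    if len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("no SubjectPublicKeyInfo found")
    return fields[5][1]

def tlsa_record(host, der, port=443, proto="tcp", usage=3, selector=1, mtype=1):
    """Build the zone-file line for a TLSA record (RFC 6698)."""
    data = der if selector == 0 else spki_from_cert(der)
    digests = {0: bytes.hex, 1: lambda d: hashlib.sha256(d).hexdigest(),
               2: lambda d: hashlib.sha512(d).hexdigest()}
    return f"_{port}._{proto}.{host}. IN TLSA {usage} {selector} {mtype} {digests[mtype](data)}"

def _tlv(tag, body):  # short-form DER encoder, only for the constructed sample
    return bytes([tag, len(body)]) + body

# Constructed sample: a certificate-shaped DER skeleton, not a real certificate.
_ALG = _tlv(0x30, _tlv(0x06, bytes.fromhex("2b6570")))
SAMPLE_SPKI = _tlv(0x30, _ALG + _tlv(0x03, b"\x00" + bytes(range(32))))
_TBS = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + _ALG
            + _tlv(0x30, b"") * 3 + SAMPLE_SPKI)
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(_tlv(0x30, _TBS + _ALG + _tlv(0x03, b"\x00" * 5)))

if __name__ == "__main__":
    der = ssl.PEM_cert_to_DER_cert(SAMPLE_PEM)
    print(tlsa_record("www.example.com", der))  # SPKI selector, SHA-256
```

With selector 1 the record stays valid when the certificate is reissued with the same key pair; selector 0 pins the exact certificate and must be republished on every renewal.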