On Wed, 26 Sep 2012, Dan York wrote:
> To this last point about getting more TLSA records published, would anyone be interested in writing a step-by-step tutorial for how to publish a TLSA record? Or collaborating on writing one?
My slidedeck from Linux Security Summit 2012 had that information. I'll also be presenting about this at SecTor and ICANN.
> Even if someone could sketch out the basic outline of the commands one would use for the steps above, I'd be glad to write some text narrative explaining the commands.
yum | apt-get install hash-slinger (from http://people.redhat.com/pwouters/hash-slinger )

[paul@bofh]$ tlsa --create ietf.org
No certificate specified on the commandline, attempting to retrieve it from the server ietf.org.
Attempting to get certificate from 64.170.98.30
Got a certificate with Subject: /O=*.ietf.org/OU=Domain Control Validated/CN=*.ietf.org
_443._tcp.ietf.org. IN TLSA 3 0 1 54f3fd877632a41c65b0ff4e50e254dd7d1873486231dc6cd5e9c1c1963d1e4e

Or use -o generic, to get the record in generic format for those nameservers or signers that do not yet support the TLSA RRtype:

[paul@bofh]$ tlsa --create -o generic ietf.org
No certificate specified on the commandline, attempting to retrieve it from the server ietf.org.
Attempting to get certificate from 64.170.98.30
Got a certificate with Subject: /O=*.ietf.org/OU=Domain Control Validated/CN=*.ietf.org
_443._tcp.ietf.org. IN TYPE52 \# 35 03000154f3fd877632a41c65b0ff4e50e254dd7d1873486231dc6cd5e9c1c1963d1e4e

Paul
_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane
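
The two records in the message above carry the same RDATA in two notations. As an added example (not part of the original message and not hash-slinger's code), this Python sketch builds TLSA RDATA and converts between the TLSA presentation form and the RFC 3597 generic TYPE52 form, so a record can be checked before it is signed and published. The function names are hypothetical; the caller is assumed to supply the DER bytes the selector refers to.

```python
import hashlib

# TLSA matching types (RFC 6698): 0 = exact data, 1 = SHA-256, 2 = SHA-512
_MATCH = {0: lambda d: d,
          1: lambda d: hashlib.sha256(d).digest(),
          2: lambda d: hashlib.sha512(d).digest()}
_DIGEST_LEN = {1: 32, 2: 64}

def owner_name(host, port=443, proto="tcp"):
    """Owner name of a TLSA record: _port._proto.host."""
    return f"_{port}._{proto}.{host.rstrip('.')}."

def tlsa_rdata(usage, selector, mtype, der):
    """Wire RDATA: three one-byte fields, then the certificate association data.
    `der` is the full certificate (selector 0) or its SubjectPublicKeyInfo (selector 1)."""
    if usage not in range(4) or selector not in (0, 1) or mtype not in _MATCH:
        raise ValueError("unsupported usage/selector/matching type")
    return bytes([usage, selector, mtype]) + _MATCH[mtype](der)

def to_presentation(owner, rdata):
    """Render as a native TLSA record."""
    return f"{owner} IN TLSA {rdata[0]} {rdata[1]} {rdata[2]} {rdata[3:].hex()}"

def to_generic(owner, rdata):
    """Render as TYPE52 with RFC 3597 '\\# length hex' RDATA, for servers or
    signers without native TLSA support."""
    return f"{owner} IN TYPE52 \\# {len(rdata)} {rdata.hex()}"

def parse_presentation(record):
    """Parse 'owner IN TLSA u s m hex...' into (owner, rdata), checking digest length."""
    fields = record.split()
    if len(fields) < 7 or fields[1:3] != ["IN", "TLSA"]:
        raise ValueError("not an IN TLSA record")
    usage, selector, mtype = (int(f) for f in fields[3:6])
    assoc = bytes.fromhex("".join(fields[6:]))
    if mtype in _DIGEST_LEN and len(assoc) != _DIGEST_LEN[mtype]:
        raise ValueError("association data length does not match matching type")
    return fields[0], bytes([usage, selector, mtype]) + assoc

if __name__ == "__main__":
    # Record taken from the tlsa --create output in the message above.
    rec = ("_443._tcp.ietf.org. IN TLSA 3 0 1 "
           "54f3fd877632a41c65b0ff4e50e254dd7d1873486231dc6cd5e9c1c1963d1e4e")
    print(to_generic(*parse_presentation(rec)))
    # Constructed stand-in bytes, not a real certificate.
    fake_der = b"constructed stand-in for DER certificate bytes"
    print(to_presentation(owner_name("example.org"), tlsa_rdata(3, 0, 1, fake_der)))
```

The length 35 in the generic form is the three one-byte fields plus the 32-byte SHA-256 digest; a truncated or mistyped hash fails the length check before it reaches the zone.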
