With older versions of dig, you can also just specify the TLSA
RR type code (52), e.g.:

$ dig _443._tcp.fedoraproject.org. TYPE52

[...]

;; ANSWER SECTION:
_443._tcp.fedoraproject.org. 236 IN     TYPE52  \# 35 
030001F4BF2EAD76DA47E2EB64D6BD80335B276574E8E62617908D49 17F19E75920F22

The RDATA is pretty easy to decode: the first 3 octets are the
usage (03), selector (00) and match type (01). The rest is the
cert data.

--Shumon.

On Fri, Sep 28, 2012 at 10:55:47PM +0200, Richard Barnes wrote:
> It appears that TLSA support has been added to BIND in version 9.8.3 ...  
> <https://lists.isc.org/pipermail/bind-users/2012-May/087723.html>
> 
> ... and that version 9.8.3 ships with Mountain Lion.
> <http://support.apple.com/kb/HT5501>
> 
> 
> --  
> Richard Barnes
> Sent with Sparrow (http://www.sparrowmailapp.com/?sig)
> 
> 
> On Friday, September 28, 2012 at 8:42 PM, Dan York wrote:
> 
> > Is there a newer version of 'dig' that supports TLSA records?  I just 
> > received this on Mac OS X 10.7.4:
> > -----
> >  dyork$ dig +dnssec -t tlsa torproject.org
> > ;; Warning, ignoring invalid type tlsa
> > -----
> >  
> > Here's the version info I have for dig:
> > -----
> > dyork$ dig -v
> > DiG 9.7.3-P3
> >  
> > -----
> >  
> > If so, any tips on easily getting a newer version[1]?  Does Mountain Lion 
> > include a newer version?
> >  
> > Thanks,
> > Dan
> >  
> > [1] i.e. outside of going to https://www.isc.org/software/bind and doing 
> > the usual 'configure/make/make install' dance, which I've not actually 
> > tried on Mac OS X
> >  
> > --  
> > Dan York  [email protected]
> > http://www.danyork.me/ (http://www.danyork.com/)   skype:danyork
> > Phone: +1-802-735-1624
> > Twitter - http://twitter.com/danyork
> >  
> >  
> >  
> > _______________________________________________
> > dane mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/dane
> >  
> >  
> 
> 



-- 
Shumon Huque
University of Pennsylvania.
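
The decoding described at the top of this message (three header octets, then the cert data), applied to the `\# 35 ...` RDATA shown there, as an added example that is not part of the original thread. The function names are hypothetical, the field mnemonics are taken from RFC 6698 / RFC 7218 rather than from the thread, and the example goes one step further by checking a presented certificate against the decoded record.

```python
import hashlib
import hmac

# Mnemonics from RFC 6698 / RFC 7218 (not spelled out in the thread).
USAGE = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTOR = {0: "Cert", 1: "SPKI"}
MATCHING = {0: "Full", 1: "SHA2-256", 2: "SHA2-512"}
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}

# RDATA as dig printed it in the message, including the space left by line wrapping.
PAGE_RDATA = r"\# 35 030001F4BF2EAD76DA47E2EB64D6BD80335B276574E8E62617908D49 17F19E75920F22"

def parse_generic_rdata(text):
    """RFC 3597 form: '\\# <length> <hex ...>'. Returns the raw octets."""
    tokens = text.split()
    if len(tokens) < 2 or tokens[0] != "\\#":
        raise ValueError("not RFC 3597 generic RDATA")
    declared = int(tokens[1])
    octets = bytes.fromhex("".join(tokens[2:]))
    if len(octets) != declared:
        raise ValueError(f"declared {declared} octets, got {len(octets)}")
    return octets

def decode_tlsa(octets):
    """Split TLSA RDATA into usage, selector, matching type and association data."""
    if len(octets) < 4:
        raise ValueError("TLSA RDATA needs 3 header octets plus data")
    usage, selector, mtype = octets[0], octets[1], octets[2]
    data = octets[3:]
    if mtype in DIGESTS and len(data) != DIGESTS[mtype]().digest_size:
        raise ValueError("digest length does not fit the matching type")
    return {"usage": usage, "selector": selector, "matching_type": mtype, "data": data}

def tlsa_matches(record, der):
    """der: certificate DER (selector 0) or SubjectPublicKeyInfo DER (selector 1)."""
    mtype = record["matching_type"]
    if mtype == 0:
        candidate = der
    elif mtype in DIGESTS:
        candidate = DIGESTS[mtype](der).digest()
    else:
        raise ValueError("unknown matching type")
    return hmac.compare_digest(candidate, record["data"])

if __name__ == "__main__":
    rec = decode_tlsa(parse_generic_rdata(PAGE_RDATA))
    print(USAGE[rec["usage"]], SELECTOR[rec["selector"]],
          MATCHING[rec["matching_type"]], rec["data"].hex())
```

The length check against the declared octet count catches RDATA that was truncated or mangled when copied out of a terminal or mail client.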