Hi, thanks for the testing sites, they were helpful.
We started working on an addon for Firefox - it's a Certificate Patrol clone that can do TLSA queries and also store multiple certs per site (that last part was a bit of a nuisance with CertPatrol). There are more possible states/cases in the TLSA+CertPatrol combination than just TLSA. So if anyone wants to poke holes, it could use a bit of testing.

For now I've put a git repo snapshot and compiled addon onto a temporary site, later there'll be a proper repo. The temp site with alpha version (sorry, for now Linux only): https://www.constructibleuniverse.net/DANE-Patrol/

The "override unknown cert page" is not yet implemented (FF has different hooks for it). Also, it's not a "proper TLSA implementation", because the FF API won't allow you to check the TLS connection just after the TLS handshake and abort it. The README on the site has more details.

Ondrej
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
