In two of the sites that were previously sent for testing in this list have an issue. Even though in their DANE entry they claim to contain a SubjectPublicKeyInfo hash, in reality they contain a hash of the X.509 certificate.
One of these sites is being listed as valid in: http://www.internetsociety.org/deploy360/resources/dane-test-sites/ The sites with issues are: dane.nox.su 030101 forfun.net 010101 The 3 first bytes of the TLSA entry are also above. The issue is in the "Selector" field which has 1 instead of zero. I contacted the forfun.net admin who said that he just used the dane.py script. Is this known or am I missing something? regards, Nikos _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
