On Mon, Apr 15, 2013 at 03:08:57PM +0200, Sandoche Balakrichenan wrote:
> Even though it took some time, here in i attach a tutorial style
> document which explains implementing DANE and a Proof of Concept using a
> browser add-on.
The "guide" could be much shorter. Just explain clearly how to set up
TLSA records for HTTPS in the context of an already signed DNSSEC zone.
The description of DNSSEC configuration is too miminal to be very
useful. In fact almost downright dangerous, since operating a DNSSEC
zone is a lot more involved than a one-time registration of a DS
RR in the parent zone. This topic is covered in a lot more depth
elsewhere and you're unlikely to do it justice except by reference
to something that already covers this well.
Since the write-up explains none of the implementation details of
the browser client plugin, the discussion of the client behaviour
is just a distraction.
Is the document a paper for academic publication or a How-To guide
for system administrators? It seems to be a strange mixture of
the two.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
