Hi, if the owner decides and it shows up in the browsers and systems the same, the security is still more weaker than in a combination, so that seems not to be a good solution.
Regards, Christian Von: Sandoche Balakrichenan <[email protected]<mailto:[email protected]>> Datum: Montag, 15. April 2013 15:08 An: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Cc: Niall O'Reilly <[email protected]<mailto:[email protected]>>, Phil Regnauld <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Betreff: Re: [dane] Anyone interested in writing a DANE tutorial? Hi Dan and all, Even though it took some time, here in i attach a tutorial style document which explains implementing DANE and a Proof of Concept using a browser add-on. In case, if the attached document is interesting, i am ready to maintain it with new add-ons developed for DANE. Thanks for your views and feedback. Regards, Sandoche BALAKRICHENAN On 09/26/2012 08:27 PM, Dan York wrote: On Tue, 25 Sep 2012, Warren Kumari wrote: Something that would be very helpful for getting this deployed / implemented in browsers is number of folk (and more importantly, organizations) stating that they are planning on / would do DANE if the browsers supported it natively. Of course, even more helpful would be folk actually publishing TLSA records :-P To this last point about getting more TLSA records published, would anyone be interested in writing a step-by-step tutorial for how to publish a TLSA record? Or collaborating on writing one? If we had a page that was a simple set of steps it would be something we could pass around and encourage people to consider doing. I'm thinking of something like: Existing certificate: - get a copy of your TLS certificate - generate the appropriate hash using ____ - create a DNS record that looks like "........." - publish record (including DNSSEC signing) and celebrate New certificate - generate a new TLS certificate using ____ - install certificate in your web server (perhaps assume Apache for the tutorial) - generate the appropriate hash using ____ - create a DNS record that looks like "........." - publish record (including DNSSEC signing) and celebrate Now those steps may not be complete... this is just a first thought... and given that I've never deployed a TLSA record (but would like to) I don't know the exact steps. If anyone would be interested in creating something like this, I'd be glad to publish it on our Deploy360 site (with attribution to you and a link to a site) or if you publish it on your site I'd be glad to link to it from Deploy360. Or if you'd like to collaborate with me on writing something, I'd be glad to help with it. Even if someone could sketch out the basic outline of the commands one would use for the steps above, I'd be glad to write some text narrative explaining the commands. Anyone interested? Thanks, Dan -- Dan York [email protected]<mailto:[email protected]> http://www.danyork.me/<http://www.danyork.com/> skype:danyork Phone: +1-802-735-1624 Twitter - http://twitter.com/danyork _______________________________________________ dane mailing list [email protected]<mailto:[email protected]>https://www.ietf.org/mailman/listinfo/dane -- This message was scanned by ESVA and is believed to be clean.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
