On 29. 5. 2013, at 3:29, Viktor Dukhovni <[email protected]> wrote: > I have not had a chance to look at this in detail and I don't know > much about writing browser plugins, so it is not clear how one > robustly hooks into the browser's HTTPS connection establishment > process.
Generally it's a post-connection hook. (Same as Cert Patrol, etc.) DNSSEC-Validator (we are the authors) doesn't have DANE support yet, it's planned to be in 2.1.0 version of the add-on. > I would recommend using browsers that support DANE natively, > via a properly reviewed implementation in the browser itself. I'd be > suspicious of the safety of addons. I do agree with you, but there are none usable native-DANE-support browsers. > Perhaps someone else can take a stab at it. My impression is that > a non-trivial fraction of the early implementations are substantively > flawed. Caveat emptor. -- Ondřej Surý -- Chief Science Officer ------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Americka 23, 120 00 Praha 2, Czech Republic mailto:[email protected] http://nic.cz/ tel:+420.222745110 fax:+420.222745112 -------------------------------------------
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
