On 2/26/2019 11:10 AM, John Levine wrote: > In article <[email protected]> you write: >> We need to get switched over to DANE as quickly as possible, and stop >> wasting effort trying to keep the CA system alive with >> ever-hackier band-aids. > > What's the DANE version of a green-bar cert? > >
At one point, there was the DNSSEC/TLSA validator plug-in for browsers. I had used it and it worked quite well, displaying a green key for valid DANE. https://www.dnssec-validator.cz/ Unfortunately, Firefox's API change, circa version 57, was the start of browser changes that halted the project. I'd really like to see similar functionality return, not as a plug-in, but as a part of the base browser. === End of Support Tue 16 October 2018 After struggling and failing to implement the DNSSEC/TLSA Validator extension for Firefox Quantum (57+) we've decided to stop the development and support of the extension. Firefox 56 was the last version which provided necessary APIs that enabled the DNSSEC/TLSA Validator to check DNS records and certificates … ===
