Re: [dane] Anyone interested in writing a DANE tutorial?

[Sandoche Balakrichenan <sandoche.balakrichenan@afnic.fr>]

Thank for your feedback. My comments below:

On 04/15/2013 08:30 PM, Viktor Dukhovni wrote:
> On Mon, Apr 15, 2013 at 03:08:57PM +0200, Sandoche Balakrichenan wrote:
>
>> Even though it took some time, here in i attach a tutorial style
>> document which explains implementing DANE and a Proof of Concept using a
>> browser add-on.
> The "guide" could be much shorter.  Just explain clearly how to set up
> TLSA records for HTTPS in the context of an already signed DNSSEC zone.
==> The focus of the document was to act as a guide for someone who has
a domain name and has some knowledge (an expert does not need this
document) of configuring his domain zone to add a TLSA RR and do an
end-to-end test. Making it more shorter, i felt will not fulfill this
objective.
>
> The description of DNSSEC configuration is too miminal to be very
> useful. In fact almost downright dangerous, since operating a DNSSEC
> zone is a lot more involved than a one-time registration of a DS
> RR in the parent zone.  This topic is covered in a lot more depth
> elsewhere and you're unlikely to do it justice except by reference
> to something that already covers this well.
==> Completely agree. Will provide a proper reference in the next iteration.
>
> Since the write-up explains none of the implementation details of
> the browser client plugin, the discussion of the client behaviour
> is just a distraction.
==> My first comment answers this question.
>
> Is the document a paper for academic publication or a How-To guide
> for system administrators?  It seems to be a strange mixture of
> the two.
>
==> More as an How-To guide?

Thanks again,
Sandoche.