Re: [dane] Anyone interested in writing a DANE tutorial?

Paul Wouters <paul@cypherpunks.ca> Fri, 28 September 2012 17:55 UTC


On Fri, 28 Sep 2012, Dan York wrote:

> and will check out the code and try it out.  I also noticed recently that you added TLSA support into dnspython although it wasn't
> immediately clear to me how to use that support. (dnspython could use some examples related to dnssec in general... at some point I may
> go and write some if no one else does that first.)

documentation there is indeed lacking,

[paul@bofh ~]$ python
Python 2.7.3 (default, Jul 24 2012, 10:05:38) 
[GCC 4.7.0 20120507 (Red Hat 4.7.0-5)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import dns.resolver
>>> answers = dns.resolver.query('_443.import dns.resolver', 'TLSA')
>>> answers
<dns.resolver.Answer object at 0x2259350>
>>> for rdata in answers:
...     print rdata
... 
1 0 1 6bcff9a283336dd1ed99a9c40427741b5658863bd54f0a876a2bc4bf8d822112
>>> answers[0].selector
0
>>> answers[0].usage
1


Hope this helps,

Note that Pieter's TLSA patch in dnspython was pushed into Fedora/RHEL a
few days ago. It's available in updates-testing and should be available
as a released update in a week or so.

Paul
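
Added example, not part of the original message and not dnspython code: a standard-library Python 3 sketch of what a client does with the usage, selector and mtype fields shown in the session above, parsing the presentation format and matching a presented certificate against the association data. The tuple field names mirror the dnspython attributes; FAKE_CERT and FAKE_SPKI are constructed stand-ins for real DER encodings, and the caller is assumed to supply both.

```python
import hashlib
from collections import namedtuple

# Field names mirror dnspython's TLSA rdata attributes.
TLSA = namedtuple("TLSA", "usage selector mtype cert")

USAGES = {0: "CA constraint", 1: "service certificate constraint",
          2: "trust anchor assertion", 3: "domain-issued certificate"}
_DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}


def parse_tlsa(text):
    """Parse TLSA presentation format: 'usage selector mtype hexdata'."""
    parts = text.split()
    if len(parts) < 4:
        raise ValueError("TLSA needs usage, selector, mtype and data")
    usage, selector, mtype = (int(p) for p in parts[:3])
    if usage not in USAGES or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unsupported TLSA parameters")
    cert = bytes.fromhex("".join(parts[3:]))  # hex may be split by spaces
    if mtype in _DIGESTS and len(cert) != _DIGESTS[mtype]().digest_size:
        raise ValueError("association data length does not fit mtype")
    return TLSA(usage, selector, mtype, cert)


def tlsa_matches(record, cert_der, spki_der):
    """True if the presented certificate matches the association data.

    selector 0 covers the full DER certificate, selector 1 only its
    SubjectPublicKeyInfo. mtype 0 is an exact match, 1 is SHA-256,
    2 is SHA-512.
    """
    selected = cert_der if record.selector == 0 else spki_der
    if record.mtype == 0:
        return selected == record.cert
    return _DIGESTS[record.mtype](selected).digest() == record.cert


# Constructed sample bytes, not real certificates.
FAKE_CERT = b"constructed stand-in for a DER certificate"
FAKE_SPKI = b"constructed stand-in for a DER SubjectPublicKeyInfo"

if __name__ == "__main__":
    # The record printed in the session above.
    rec = parse_tlsa("1 0 1 6bcff9a283336dd1ed99a9c40427741b"
                     "5658863bd54f0a876a2bc4bf8d822112")
    print(USAGES[rec.usage], rec.selector, rec.mtype, len(rec.cert))
    print(tlsa_matches(rec, FAKE_CERT, FAKE_SPKI))  # constructed cert: no match
```

A match alone is not enough to trust the peer: the TLSA answer has to be DNSSEC-validated, and usages 0 and 1 additionally require normal PKIX path validation.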