Re: [dane] NIST DANE Tester Announcement

Viktor Dukhovni <> Wed, 06 November 2013 22:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7D82421E8095 for <>; Wed, 6 Nov 2013 14:14:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id qnT8VTqtCxHc for <>; Wed, 6 Nov 2013 14:14:46 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 43DB321F9FC8 for <>; Wed, 6 Nov 2013 14:14:45 -0800 (PST)
Received: by (Postfix, from userid 1034) id B54842AB121; Wed, 6 Nov 2013 22:14:42 +0000 (UTC)
Date: Wed, 06 Nov 2013 22:14:42 +0000
From: Viktor Dukhovni <>
Message-ID: <>
References: <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dane] NIST DANE Tester Announcement
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 06 Nov 2013 22:14:50 -0000

On Wed, Nov 06, 2013 at 11:58:34AM -0500, Stephen Nightingale wrote:

> The NIST DANE test system has three modes of operation:
> - Test your DANE enabled site:
>    Enter the URL of a site for which a DANE TLSA resource record is
> provisioned. The system will negotiate the connection, verify with
> DANE and get the web page - or provide failure diagnostics.
> - A reference test set to test your browser in response to all
> possible DANE configurations.
> - If your browser is NOT DANE enabled, a reference test set to test
> a DANE client's response to all possible configurations and return
> the results to your browser.
> The site is up and available for testing - But it is still early
> days and there may be occasional outages. Please be patient and/or
> let us know.

Yet none of the major browsers are as ye showing interest in DANE.
Perhaps a test-bed for DANE SMTP sites would be more useful in the
near-term, as there is now at least one DANE capable MTA (Postfix),
and another (Exim) coming soon.

If they are interested in test case suggestions, they can get in
touch with me off list.  I am also interested in finding out which
DANE client toolkit they are using.  Publishing that code could
help steer other implementations in the right direction, or help
identify potential problems.