[dane] NIST DANE Tester Announcement

Stephen Nightingale <night@nist.gov> Wed, 06 November 2013 16:59 UTC

Return-Path: <stephen.nightingale@nist.gov>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 0763921E8151 for <dane@ietfa.amsl.com>; Wed, 6 Nov 2013 08:59:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.74
X-Spam-Status: No, score=-4.74 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id BE6p9G19rlRb for <dane@ietfa.amsl.com>; Wed, 6 Nov 2013 08:59:01 -0800 (PST)
Received: from wsget1.nist.gov (wsget1.nist.gov []) by ietfa.amsl.com (Postfix) with ESMTP id D20D521E8115 for <dane@ietf.org>; Wed, 6 Nov 2013 08:58:51 -0800 (PST)
Received: from WSXGHUB1.xchange.nist.gov ( by wsget1.nist.gov ( with Microsoft SMTP Server (TLS) id; Wed, 6 Nov 2013 11:58:33 -0500
Received: from postmark.nist.gov ( by WSXGHUB1.xchange.nist.gov ( with Microsoft SMTP Server (TLS) id; Wed, 6 Nov 2013 11:58:50 -0500
Received: from [] (31-140.antd.nist.gov []) by postmark.nist.gov (8.13.8/8.13.1) with ESMTP id rA6GwbrO015251; Wed, 6 Nov 2013 11:58:38 -0500
Message-ID: <527A753A.4040800@nist.gov>
Date: Wed, 06 Nov 2013 11:58:34 -0500
From: Stephen Nightingale <night@nist.gov>
Organization: NIST
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: dane@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [dane] NIST DANE Tester Announcement
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: night@nist.gov
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2013 17:00:57 -0000

For those DANEs who are in Vancouver, you can talk to Scott Rose or Doug 
Montgomery about this. Doug will be at the informal DANE lunch tomorrow.


NIST has developed a test system for the RFC 6698 DANE protocol. DANE 
seeks to verify PKIX certificate based Transport Layer Security (RFC 
5246 TLS) connections using the Domain Name System as secured by DNSSEC.


The NIST DANE test system has three modes of operation:

- Test your DANE enabled site:
    Enter the URL of a site for which a DANE TLSA resource record is 
provisioned. The system will negotiate the connection, verify with DANE 
and get the web page - or provide failure diagnostics.

- A reference test set to test your browser in response to all possible 
DANE configurations.

- If your browser is NOT DANE enabled, a reference test set to test a 
DANE client's response to all possible configurations and return the 
results to your browser.

The site is up and available for testing - But it is still early days 
and there may be occasional outages. Please be patient and/or let us know.

Stephen Nightingale, NIST
HAD Pilot Program