IETF Logo Mail Archive

Re: [dane] Anyone interested in writing a DANE tutorial?

Sandoche Balakrichenan <sandoche.balakrichenan@nic.fr> Mon, 15 April 2013 13:10 UTC

Return-Path: <sandoche.balakrichenan@nic.fr>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04A5C21F93BA for <dane@ietfa.amsl.com>; Mon, 15 Apr 2013 06:10:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sdDPxdiKTpZr for <dane@ietfa.amsl.com>; Mon, 15 Apr 2013 06:10:05 -0700 (PDT)
Received: from mx4.nic.fr (mx4.nic.fr [192.134.4.12]) by ietfa.amsl.com (Postfix) with ESMTP id 4D85F21F905B for <dane@ietf.org>; Mon, 15 Apr 2013 06:09:59 -0700 (PDT)
Received: from mx4.nic.fr (localhost [127.0.0.1]) by mx4.nic.fr (Postfix) with SMTP id 76CBD2807BA; Mon, 15 Apr 2013 15:09:25 +0200 (CEST)
Received: from relay2.nic.fr (relay2.nic.fr [192.134.4.163]) by mx4.nic.fr (Postfix) with ESMTP id 63A0128070C; Mon, 15 Apr 2013 15:09:25 +0200 (CEST)
Received: from [10.10.86.63] (tirodite.tech.prive.sqy.nic.fr [10.10.86.63]) by relay2.nic.fr (Postfix) with ESMTP id 437ACB3805C; Mon, 15 Apr 2013 15:08:55 +0200 (CEST)
Message-ID: <516BFBE9.5010509@hermes.nic.fr>
Date: Mon, 15 Apr 2013 15:08:57 +0200
From: Sandoche Balakrichenan <sandoche.balakrichenan@nic.fr>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130308 Thunderbird/17.0.4
MIME-Version: 1.0
To: dane@ietf.org
References: <699F0F4D-3E06-44F5-88A4-40C1FC569E98@danyork.org>
In-Reply-To: <699F0F4D-3E06-44F5-88A4-40C1FC569E98@danyork.org>
Content-Type: multipart/mixed; boundary="------------000001060009020400040107"
X-Mailman-Approved-At: Mon, 15 Apr 2013 06:36:09 -0700
Cc: Niall O'Reilly <Niall.oReilly@ucd.ie>, Phil Regnauld <regnauld@nsrc.org>, "Mohsen.Souissi@afnic.fr" <Mohsen.Souissi@afnic.fr>
Subject: Re: [dane] Anyone interested in writing a DANE tutorial?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2013 13:10:06 -0000

Hi Dan and all,

       Even though it took some time, here in i attach a tutorial style
document which explains implementing DANE and a Proof of Concept using a
browser add-on.

In case, if the attached document is interesting, i am ready to maintain
it with new add-ons developed for DANE.

Thanks for your views and feedback.


Regards,
Sandoche BALAKRICHENAN




On 09/26/2012 08:27 PM, Dan York wrote:
> On Tue, 25 Sep 2012, Warren Kumari wrote:
>
>> Something that would be very helpful for getting this deployed /
>> implemented in browsers is number of folk (and more importantly,
>> organizations) stating that they are planning on / would do DANE if
>> the browsers supported it natively. Of course, even more helpful would
>> be folk actually publishing TLSA records :-P
>
> To this last point about getting more TLSA records published, would
> anyone be interested in writing a step-by-step tutorial for how to
> publish a TLSA record?  Or collaborating on writing one?
>
> If we had a page that was a simple set of steps it would be something
>  we could pass around and encourage people to consider doing.  I'm
> thinking of something like:
>
> Existing certificate:
>  - get a copy of your TLS certificate
>  - generate the appropriate hash using ____
>  - create a DNS record that looks like "........."
>  - publish record (including DNSSEC signing) and celebrate
>
> New certificate
>   - generate a new TLS certificate using ____
>   - install certificate in your web server (perhaps assume Apache for
> the tutorial)
>   - generate the appropriate hash using ____
>  - create a DNS record that looks like "........."
>  - publish record (including DNSSEC signing) and celebrate
>
> Now those steps may not be complete... this is just a first thought...
> and given that I've never deployed a TLSA record (but would like to) I
> don't know the exact steps. 
>
> If anyone would be interested in creating something like this, I'd be
> glad to publish it on our Deploy360 site (with attribution to you and
> a link to a site) or if you publish it on your site I'd be glad to
> link to it from Deploy360.    Or if you'd like to collaborate with me
> on writing something, I'd be glad to help with it.
>
> Even if someone could sketch out the basic outline of the commands one
> would use for the steps above, I'd be glad to write some text
> narrative explaining the commands.
>
> Anyone interested?
>
> Thanks,
> Dan
>
>
> -- 
> Dan York  dyork@lodestar2.com <mailto:dyork@lodestar2.com>
> http://www.danyork.me/ <http://www.danyork.com/>   skype:danyork
> Phone: +1-802-735-1624
> Twitter - http://twitter.com/danyork
>
>
>
>
>
> _______________________________________________
> dane mailing list
> dane@ietf.org
> https://www.ietf.org/mailman/listinfo/dane

v2.23.0 | Report a Bug | By Email