Re: [dane] Two additions to draft-york-dane-deployment-observations-00

Stephane Bortzmeyer <bortzmeyer@nic.fr> Sun, 09 November 2014 04:02 UTC

Date: Sat, 08 Nov 2014 17:59:25 -1000
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: "Olle E. Johansson" <oej@edvina.net>
Message-ID: <20141109035925.GA20946@laperouse.bortzmeyer.org>
References: <20141107232915.GA31913@laperouse.bortzmeyer.org> <6DB8CC95-E47A-4C0B-BC0B-7D9A4F8F65B5@edvina.net>
In-Reply-To: <6DB8CC95-E47A-4C0B-BC0B-7D9A4F8F65B5@edvina.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/hkZuX0XQh8qNyt9FPAFKww65DQY
Cc: dane@ietf.org

On Sat, Nov 08, 2014 at 08:17:15AM +0100,
 Olle E. Johansson <oej@edvina.net> wrote 
 a message of 10 lines which said:

> Nagios scripts to monitor DNSsec zones :-)

I was not talking about DNSsec monitoring (I already use it, otherwise
I would never have deployed DNSsec in production for serious domains)
but about DANE monitoring: get the TLSA record, open a TLS connection,
get the certificate, check that it is consistent with what the TLSA
record announces.

As far as I know, there is currently no software for that.
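
Added example, not part of the message above and not code from any existing tool: the comparison step of the DANE check the message describes, following the selector and matching-type fields of RFC 6698 and returning Nagios plugin status codes. It assumes the TLSA RRset was already fetched through a DNSSEC-validating resolver and the server's leaf certificate was retrieved as DER (for instance with Python's `ssl` `getpeercert(binary_form=True)`); all function names and the sample data are hypothetical.

```python
import hashlib

OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length (real certificates)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_der(cert):
    """Extract the DER SubjectPublicKeyInfo from a DER X.509 certificate."""
    pos = tlv(cert, 0)[1]                   # step into Certificate
    pos = tlv(cert, pos)[1]                 # step into tbsCertificate
    tag, _, end = tlv(cert, pos)
    if tag == 0xA0:                         # optional explicit [0] version
        pos = end
    for _field in range(5):                 # serial, sigalg, issuer, validity, subject
        pos = tlv(cert, pos)[2]
    return cert[pos:tlv(cert, pos)[2]]

def tlsa_matches(rdata, cert):
    """True if one TLSA record ("usage selector mtype hex") matches cert."""
    _usage, selector, mtype, hexdata = rdata.split(None, 3)
    hashes = {"0": bytes, "1": lambda b: hashlib.sha256(b).digest(),
              "2": lambda b: hashlib.sha512(b).digest()}
    if selector not in ("0", "1") or mtype not in hashes:
        return False                        # unknown selector or matching type
    selected = cert if selector == "0" else spki_der(cert)
    return hashes[mtype](selected) == bytes.fromhex("".join(hexdata.split()))

def check_dane(rrset, leaf_cert):
    """Compare the served leaf certificate with the end-entity TLSA records."""
    ee = [r for r in rrset if r.split()[0] in ("1", "3")]
    if not ee:                              # usages 0 and 2 need the chain, not the leaf
        return UNKNOWN, "no PKIX-EE/DANE-EE TLSA record to compare"
    if any(tlsa_matches(r, leaf_cert) for r in ee):
        return OK, "certificate matches a TLSA record"
    return CRITICAL, "certificate matches none of %d TLSA record(s)" % len(ee)

def der(tag, body):                         # builds the constructed sample only
    return bytes([tag, len(body)]) + body

# Constructed, certificate-shaped DER (not a valid certificate), Ed25519 SPKI.
SAMPLE_SPKI = der(0x30, der(0x30, bytes.fromhex("06032b6570")) + der(0x03, bytes(33)))
SAMPLE_CERT = der(0x30, der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
                  + der(0x30, b"") * 4 + SAMPLE_SPKI) + der(0x30, b"") + der(0x03, b"\x00"))
```

A CRITICAL result when several records are published means none of them matches, which is the state a monitor should alert on after a certificate renewal that was not accompanied by a TLSA update.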