Re: [dane] Two additions to draft-york-dane-deployment-observations-00
Paul Wouters <paul@nohats.ca> Mon, 10 November 2014 05:36 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D8EF1A890D for <dane@ietfa.amsl.com>; Sun, 9 Nov 2014 21:36:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.594
X-Spam-Level:
X-Spam-Status: No, score=-2.594 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.594] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TvNHK556xKab for <dane@ietfa.amsl.com>; Sun, 9 Nov 2014 21:36:43 -0800 (PST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EDD61A040B for <dane@ietf.org>; Sun, 9 Nov 2014 21:36:43 -0800 (PST)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 56A4D817C1; Mon, 10 Nov 2014 00:36:42 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1415597802; bh=C5IQE9Kg417vlQWOyPTBqbt1LNOEhLoQbErXWPFb02o=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=eAsIPHebGcYv+/u1MSzFvse1nAZy5EXdHDhKqLd0bqLyY+HbXSb31qK6hVKjrROZp KeaSqLxz+TbYmlnrhrbDdKKshNURy2ZaghbcsoFdJotwKRR4ycby142NndtksJpm1z nkMxAaEkY4OzLdcjONtsEwPON3M4cg7J6DKuX2tM=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.14.7/8.14.7/Submit) with ESMTP id sAA5afsA012071; Mon, 10 Nov 2014 00:36:41 -0500
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Mon, 10 Nov 2014 00:36:41 -0500
From: Paul Wouters <paul@nohats.ca>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
In-Reply-To: <20141109035925.GA20946@laperouse.bortzmeyer.org>
Message-ID: <alpine.LFD.2.10.1411100035410.11243@bofh.nohats.ca>
References: <20141107232915.GA31913@laperouse.bortzmeyer.org> <6DB8CC95-E47A-4C0B-BC0B-7D9A4F8F65B5@edvina.net> <20141109035925.GA20946@laperouse.bortzmeyer.org>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="ISO-8859-7"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/q2d3ynKCt2gYpTV8g-0lxB7BiwU
Cc: dane WG list <dane@ietf.org>
Subject: Re: [dane] Two additions to draft-york-dane-deployment-observations-00
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Nov 2014 05:36:45 -0000
On Sat, 8 Nov 2014, Stephane Bortzmeyer wrote: > I was not talking about DNSsec monitoring (I already use it, otherwise > I would never have deployed DNSsec in production for serious domains) > but about DANE monitoring: get the TLSA record, open a TLS connection, > get the certificate, check that it is consistent with what the TLSA > record announces. https://www.dnssec-validator.cz/ DNSSEC/TLSA Validator is a web browser add-on which allows you to check the existence and validity of DNS Security Extensions (DNSSEC) records and Transport Layer Security Association (TLSA) records related to domain names. Results of these checks are displayed by using icons and information texts in the page’s address-bar or browser tool-bar. Currently, Internet Explorer (IE), Mozilla Firefox (MF), Google Chrome/Chromium (GC), Opera (OP), Apple Safari (AS) are supported.
- [dane] Two additions to draft-york-dane-deploymen… Stephane Bortzmeyer
- Re: [dane] Two additions to draft-york-dane-deplo… Viktor Dukhovni
- Re: [dane] Two additions to draft-york-dane-deplo… Olle E. Johansson
- Re: [dane] Two additions to draft-york-dane-deplo… Stephane Bortzmeyer
- Re: [dane] Two additions to draft-york-dane-deplo… Melinda Shore
- Re: [dane] Two additions to draft-york-dane-deplo… Viktor Dukhovni
- Re: [dane] Two additions to draft-york-dane-deplo… Paul Wouters
- Re: [dane] Two additions to draft-york-dane-deplo… Paul Wouters
- Re: [dane] Two additions to draft-york-dane-deplo… Stephane Bortzmeyer
- Re: [dane] Two additions to draft-york-dane-deplo… Viktor Dukhovni
- Re: [dane] Two additions to draft-york-dane-deplo… Viktor Dukhovni
- Re: [dane] Two additions to draft-york-dane-deplo… Terry Burton
- [dane] "Swede" likely not ready for production use Viktor Dukhovni
- Re: [dane] Two additions to draft-york-dane-deplo… Shumon Huque
- Re: [dane] Two additions to draft-york-dane-deplo… Paul Wouters
- Re: [dane] Two additions to draft-york-dane-deplo… Viktor Dukhovni
- Re: [dane] Two additions to draft-york-dane-deplo… Viktor Dukhovni
- Re: [dane] Two additions to draft-york-dane-deplo… Shumon Huque