[sr-dev] DNSsec and DANE

Olle E. Johansson oej at edvina.net
Sun Apr 21 17:48:17 CEST 2013


Marius,

Just some ideas for the future. In order to move ahead with DNSsec and DANE - certificate handling - we
need an entry in the NAPTR, SRV and A records on whether they were verified with DNSsec. This probably
needs to be added to the resolver cache.

If they are all verified, we have a verified path and can check TLSA records for certificates or validation or CAs.
If not, we have to resort to traditional TLS.

Parse this as some random notes after reading up on the DANE drafts on SRV records. :-)
http://tools.ietf.org/html/draft-ietf-dane-srv-02

/O
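
The decision described in the message above, as an added example that is not part of the original e-mail and not code from the sr-dev project: a per-record DNSSEC flag in a hypothetical cache entry, a check that the whole NAPTR, SRV, A path validated, and the TLSA owner name built from the SRV target. All type and function names are assumptions, the sample record is constructed, and TCP transport is assumed.

```c
#include <ctype.h>
#include <stdio.h>

/* Hypothetical types; not the resolver cache structures of any project. */
enum rr_type { RR_NAPTR, RR_SRV, RR_A };
enum tls_policy { TLS_TRADITIONAL, TLS_DANE };
struct cache_rr {
    enum rr_type type;
    const char *owner;   /* name that was queried, no trailing dot */
    const char *target;  /* NAPTR replacement or SRV target; NULL for A */
    unsigned port;       /* SRV only */
    int dnssec_ok;       /* assumed: 1 if the answer passed DNSSEC validation */
};

static int same_name(const char *a, const char *b) /* DNS names ignore case */
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* DANE only if every hop validated and each target is the next hop's owner;
 * anything else falls back to traditional TLS. */
enum tls_policy select_tls_policy(const struct cache_rr *c, size_t n)
{
    if (n == 0) return TLS_TRADITIONAL;
    for (size_t i = 0; i < n; i++) {
        if (!c[i].dnssec_ok) return TLS_TRADITIONAL;
        if (i + 1 < n && (!c[i].target || !same_name(c[i].target, c[i + 1].owner)))
            return TLS_TRADITIONAL;
    }
    return TLS_DANE;
}

/* TLSA owner name for the SRV target: _<port>._tcp.<target>. 0 on success. */
int tlsa_qname(const struct cache_rr *srv, char *buf, size_t len)
{
    if (srv->type != RR_SRV || !srv->target) return -1;
    int w = snprintf(buf, len, "_%u._tcp.%s", srv->port, srv->target);
    return (w < 0 || (size_t)w >= len) ? -1 : 0;
}

int main(void)
{
    struct cache_rr srv = { RR_SRV, "_sips._tcp.example.com", "sip1.example.net", 5061, 1 };
    char q[256]; /* the record above is constructed sample data */
    if (select_tls_policy(&srv, 1) == TLS_DANE && !tlsa_qname(&srv, q, sizeof q))
        printf("query TLSA %s\n", q);
    return 0;
}
```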

