DANE, was A Deep Dive on the Recent Widespread DNS Hijacking
Mike
the.lists at mgm51.com
Wed Feb 27 14:43:35 UTC 2019
On 2/26/2019 11:10 AM, John Levine wrote:
> In article <B68C84D4-9D1A-4303-94CA-59CEBFB6B934 at pch.net> you write:
>> We need to get switched over to DANE as quickly as possible, and stop wasting effort trying to keep the CA system alive with
>> ever-hackier band-aids.
>
> What's the DANE version of a green-bar cert?
>
>
At one point, there was the DNSSEC/TLSA validator plug-in for browsers.
I had used it and it worked quite well, displaying a green key for valid
DANE.
https://www.dnssec-validator.cz/
Unfortunately, Firefox's API change, circa version 57, was the start of
browser changes that halted the project.
I'd really like to see similar functionality return, not as a plug-in,
but as a part of the base browser.
===
End of Support
Tue 16 October 2018
After struggling and failing to implement the DNSSEC/TLSA Validator
extension for Firefox Quantum (57+) we've decided to stop the
development and support of the extension.
Firefox 56 was the last version which provided necessary APIs that
enabled the DNSSEC/TLSA Validator to check DNS records and certificates …
===
More information about the NANOG
mailing list