DANE, was A Deep Dive on the Recent Widespread DNS Hijacking

Mike the.lists at mgm51.com
Wed Feb 27 14:43:35 UTC 2019

On 2/26/2019 11:10 AM, John Levine wrote:
> In article <B68C84D4-9D1A-4303-94CA-59CEBFB6B934 at pch.net> you write:
>> We need to get switched over to DANE as quickly as possible, and stop wasting effort trying to keep the CA system alive with
>> ever-hackier band-aids.
> What's the DANE version of a green-bar cert?

At one point, there was the DNSSEC/TLSA validator plug-in for browsers.
I had used it and it worked quite well, displaying a green key for valid


Unfortunately, Firefox's API change, circa version 57, was the start of
browser changes that halted the project.

I'd really like to see similar functionality return, not as a plug-in,
but as a part of the base browser.


End of Support

Tue 16 October 2018

After struggling and failing to implement the DNSSEC/TLSA Validator
extension for Firefox Quantum (57+) we've decided to stop the
development and support of the extension.

Firefox 56 was the last version which provided necessary APIs that
enabled the DNSSEC/TLSA Validator to check DNS records and certificates  …


More information about the NANOG mailing list