-
Received a nice automated email today from Viktor Dukhovni (ietf-dane@dukhovni.org).
He runs a tool that monitors domains which use TLSA records.
And sends a notification email, when it detects botc…
-
### Expected behaviour
Owncloud Client should verify TLSA record
### Actual behaviour
Owncloud Client does not verify TLSA record
### Steps to reproduce
1. Set up a invalid TLSA record
###…
-
### Expected behaviour
Owncloud Client should verify TLSA record
### Actual behaviour
Owncloud Client does not verify TLSA record
### Steps to reproduce
1. Set up a invalid TLSA record
###…
-
This allows servers which can’t obtain a valid certificate to prove they actually are legitimate, and shouldn’t be rejected as invalid as long as the DNSSEC chain isn’t broken and the DNS records for …
-
Introduce a client that is able to a automatically update TLSA records on certificate renewal.
-
Yunohost uses StartTLS to hand-shake TLS encryptions, which is prone to downgrade attacks.
[DANE-SMTP](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) was developed to preve…
renne updated
5 months ago
-
Would be great if someone would fix this TODO ;-)
https://github.com/verisign/tlsa-survey/blob/8efd78a6c19ff72eb8db503829edb54a59dda28c/tlsa_survey.py#L208
-
While PKIX certificate usages are optional, for complete DANE implementation we should support DANE-TA(2). This is useful if server administrators that would like to pin self-signed CA instead of pinn…
-
### Summary
When having a playbook with TLSA records in it, you can run in the first time where it creates the record, but the send time you run the exact same playbook Cloudflare returns: "API bad r…
-
The following are comments/questions from reviewing the [Verification Process](https://github.com/CIRALabs/high-assurance-dids-with-dns/blob/main/draft-ietf-high-assurance-dids-with-dns.md#verificatio…