-
This DANE test site has intentionally an invalid DNSSEC signature:
```
bad-sig.dane.verisignlabs.com - Valid TLSA record but the DNSSEC signature is invalid.
```
… yet the output is:
``` bash
$ ./q…
-
I have a testing zone for multi-signer DNSSEC with three signers. One of the signers includes CDS/CDNSKEY records but other don't. DNSViz reports `EXISTING_TYPE_NOT_IN_BITMAP` error on the NSEC record…
-
DNSSEC/DANE are two dns-based technologies for securing the hostname lookup (DNSSEC) and the TLS connection to the server (DANE, using a TLSA record).
Currently mail providers are one of the few larg…
-
When testing my domain (that has DNSSEC, but not TLSA records), I get a Python error at line 404 of dane_checker.py:
=> 404 if n.endswith("."): n = n[0:-1]
n = b'mail', n.endswith =
TypeE…
-
Hello,
is there a Possibility to remove record-types that are not used by myself..
i only need A,AAAA,CAA,CNAME,MX,NS,OPENPGPKEY,SRV,TLSA,TXT
but how to remove the other Record-Types from the…
-
One issue with allowing users to trust a validating resolver over a secure channel is that the secure connection itself relies on WebPKI which takes away the advantages provided by DANE.
Pinning is…
-
I have union data type field inside my C structure and YAML data for the same. I am unable to use libcyaml library in this case. LIBCYAML does not have corresponding CYAML_FIELD and CYAML_VALUE for u…
-
Need to add some text requiring the chain lookup on SNI, if available.
-
postfix for a long time has failed to build with libressl with unknown types and implicit function declarations.
```
tls_misc.c: In function 'tls_library_init':
tls_misc.c:705:5: error: unknown typ…
orbea updated
11 months ago
-
Based on our meeting this morning, I have generalized the configuration for issuers. The record for each issuer now is
```bash
{"domain": "trustroot.ca", "typ": "dns/did", "alg": "secp256k1","privke…