libressl / portable

LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to tech@openbsd.org are welcome.
https://www.libressl.org

DANE-TA #502

Open hdatma opened 5 years ago

hdatma commented 5 years ago

I get the following when compiling ldns without "--disable-dane-ta-usage".

Configure: error: OpenSSL [LibreSSL] does not support offline DANE verification (Needed for the DANE-TA usage type). Please upgrade OpenSSL to version >= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage

Are there any plans to support offline DANE verification?

yonas commented 3 years ago

Support for DANE-TA would be great.

hdatma commented 3 years ago

Support for DANE-TA would be great.

Although LibreSSL is the default in OpenBSD, and OpenBSD claims to be the best in security, the lack of DANE support is undermining the claim. The OpenBSD project does not use DANE, so they have no experience with it. We rely on DANE, and therefore we deprecated LibreSSL in our projects. Three years is a long time to hold one's breath.