nanog mailing list archives
Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking
From: Mike via NANOG <nanog () nanog org>
Date: Wed, 27 Feb 2019 09:43:35 -0500
On 2/26/2019 11:10 AM, John Levine wrote:
In article <B68C84D4-9D1A-4303-94CA-59CEBFB6B934 () pch net> you write:We need to get switched over to DANE as quickly as possible, and stop wasting effort trying to keep the CA system alive with ever-hackier band-aids.What's the DANE version of a green-bar cert?
At one point, there was the DNSSEC/TLSA validator plug-in for browsers. I had used it and it worked quite well, displaying a green key for valid DANE. https://www.dnssec-validator.cz/ Unfortunately, Firefox's API change, circa version 57, was the start of browser changes that halted the project. I'd really like to see similar functionality return, not as a plug-in, but as a part of the base browser. === End of Support Tue 16 October 2018 After struggling and failing to implement the DNSSEC/TLSA Validator extension for Firefox Quantum (57+) we've decided to stop the development and support of the extension. Firefox 56 was the last version which provided necessary APIs that enabled the DNSSEC/TLSA Validator to check DNS records and certificates … ===
Current thread:
- Re: A Deep Dive on the Recent Widespread DNS Hijacking, (continued)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking David Conrad (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Ca By (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 26)
- Message not available
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking bzs (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 26)
- Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 26)
- Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Julien Goodwin (Feb 26)
- Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Mike via NANOG (Feb 27)
- Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Töma Gavrichenkov (Feb 27)
- RE: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Eric Tykwinski (Feb 27)
- Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Måns Nilsson (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Måns Nilsson (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Mark Andrews (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking John R. Levine (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Mark Andrews (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking John R. Levine (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Mark Andrews (Feb 27)