Le 24/03/2014 14:23, Raphael Geissert a écrit :
Anyway, I strongly recommend that nobody waste their time on an issue
which in a couple of years will be much less relevant thanks to DANE.
If only people actually used DNSSEC and DANE - Chromium/Google Chrome dropped
support for the latter due to the lack of use[1].
[1]https://www.imperialviolet.org/2011/06/16/dnssecchrome.html
I believe you are mistaken. That blog post is about Google's own design
for "DNSSEC stapled certificates" . Not DANE.
On Mon, 24 Mar 2014, Peter Palfrader wrote:
DNS servers have supported them for years; RFC3597 is over a decade old
by now.
TLSA records were defined by RFC6698, which was issued in August 2012.
--
Edward Allcutt
