Security/DNSSEC-TLS: Difference between revisions

Jump to navigation Jump to search

Security/DNSSEC-TLS (view source)

Revision as of 17:21, 1 July 2011

No change in size ,  1 July 2011
m
→‎DNSSEC Chains
Line 47: Line 47:
Note that once a chain has been serialized, it will only be valid for as long as every signature in it is valid. That is, it will become invalid when any signature it contains expires.
Note that once a chain has been serialized, it will only be valid for as long as every signature in it is valid. That is, it will become invalid when any signature it contains expires.


For reference, another proposal for the serialization of a DNSSEC chain is [http://tools.ietf.org/html/draft-agl-dane-serializechain-00 here]. Note that this proposal does not follow exactly the wire format of DNS records. Consequently, preexisting code cannot be used to serialize, parse, or validate the chain. Additionally, more flexibility means more opportunities for insecure verifier behavior. This proposal is not currently being used in this project.
For reference, another proposal for the serialization of a DNSSEC chain is [http://tools.ietf.org/html/draft-agl-dane-serializechain-01 here]. Note that this proposal does not follow exactly the wire format of DNS records. Consequently, preexisting code cannot be used to serialize, parse, or validate the chain. Additionally, more flexibility means more opportunities for insecure verifier behavior. This proposal is not currently being used in this project.


== Google Chrome ==
== Google Chrome ==
Dkeeler
Confirmed users
299

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/324497"

Navigation menu