Security/DNSSEC-TLS-details: Difference between revisions

no edit summary
No edit summary
Line 79: Line 79:


For certificates with a known root of trust, the policy is "The certificate chain must be valid and (the DNSSEC chain must be valid or the domain does not require such additional validation)". Currently there is no mechanism to specify whether or not a domain requires DNSSEC validation. In This case any TLSA certificate type may be used.
For certificates with a known root of trust, the policy is "The certificate chain must be valid and (the DNSSEC chain must be valid or the domain does not require such additional validation)". Currently there is no mechanism to specify whether or not a domain requires DNSSEC validation. In This case any TLSA certificate type may be used.
== CNAME issues ==
The use of CNAME records introduces complexities into this system that have yet to be ironed out.


== DNSSEC Libraries ==
== DNSSEC Libraries ==
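
Review bot: the added "CNAME issues" section says only that CNAME records introduce complexities "that have yet to be ironed out" and names none of them, so a reader cannot tell which parts of the validation policy described just above it are affected. Suggest listing the specific open questions in this section, or linking to where they are tracked, rather than leaving a one-sentence placeholder.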