On 2016/04/26 16:54, Elmar Stellnberger wrote: > >Synopsis: wish: add DANE support to dig > >Category: security/certificate management > >Environment: > System : OpenBSD 5.9 > Details : OpenBSD 5.9 (GENERIC) #1561: Fri Feb 26 01:22:37 MST 2016 > > [email protected]:/usr/src/sys/arch/i386/compile/GENERIC > > Architecture: OpenBSD.i386 > Machine : i386 > >Description: > Support for DANE with dig would be a nice thing. It will not only be > useful for the sysadmin who wants to check his DANE setup but also for > casual users; f.i. you can download a cert, verify its sha256 via DANE and > then check that you have the right cert with programs like filezilla. It is > also possible to delete all root certs for Firefox and then only import > specially trusted certs.
# pkg-add isc-bind # /usr/local/bin/dig @192.33.4.12 +trusted-key=/etc/trusted-key.key [...]
