In a related vein, I gave a DANE overview at a NIST workshop last week: < http://csrc.nist.gov/groups/ST/ca-workshop-2013/presentations/Barnes_ca-workshop2013.pdf >
On Mon, Apr 15, 2013 at 9:08 AM, Sandoche Balakrichenan < sandoche.balakriche...@nic.fr> wrote: > Hi Dan and all, > > Even though it took some time, here in i attach a tutorial style > document which explains implementing DANE and a Proof of Concept using a > browser add-on. > > In case, if the attached document is interesting, i am ready to maintain > it with new add-ons developed for DANE. > > Thanks for your views and feedback. > > > Regards, > Sandoche BALAKRICHENAN > > > > > On 09/26/2012 08:27 PM, Dan York wrote: > > On Tue, 25 Sep 2012, Warren Kumari wrote: > > Something that would be very helpful for getting this deployed / > > implemented in browsers is number of folk (and more importantly, > > organizations) stating that they are planning on / would do DANE if > > the browsers supported it natively. Of course, even more helpful would > > be folk actually publishing TLSA records :-P > > > To this last point about getting more TLSA records published, would > anyone be interested in writing a step-by-step tutorial for how to publish > a TLSA record? Or collaborating on writing one? > > If we had a page that was a simple set of steps it would be something > we could pass around and encourage people to consider doing. I'm thinking > of something like: > > Existing certificate: > - get a copy of your TLS certificate > - generate the appropriate hash using ____ > - create a DNS record that looks like "........." > - publish record (including DNSSEC signing) and celebrate > > New certificate > - generate a new TLS certificate using ____ > - install certificate in your web server (perhaps assume Apache for the > tutorial) > - generate the appropriate hash using ____ > - create a DNS record that looks like "........." > - publish record (including DNSSEC signing) and celebrate > > Now those steps may not be complete... this is just a first thought... > and given that I've never deployed a TLSA record (but would like to) I > don't know the exact steps. > > If anyone would be interested in creating something like this, I'd be > glad to publish it on our Deploy360 site (with attribution to you and a > link to a site) or if you publish it on your site I'd be glad to link to it > from Deploy360. Or if you'd like to collaborate with me on writing > something, I'd be glad to help with it. > > Even if someone could sketch out the basic outline of the commands one > would use for the steps above, I'd be glad to write some text narrative > explaining the commands. > > Anyone interested? > > Thanks, > Dan > > > -- > Dan York dy...@lodestar2.com > http://www.danyork.me/ <http://www.danyork.com/> skype:danyork > Phone: +1-802-735-1624 > Twitter - http://twitter.com/danyork > > > > > > _______________________________________________ > dane mailing listdane@ietf.orghttps://www.ietf.org/mailman/listinfo/dane > > > > _______________________________________________ > dane mailing list > dane@ietf.org > https://www.ietf.org/mailman/listinfo/dane > >
_______________________________________________ dane mailing list dane@ietf.org https://www.ietf.org/mailman/listinfo/dane
