On 11/6/2013 5:14 PM, Viktor Dukhovni wrote:
On Wed, Nov 06, 2013 at 11:58:34AM -0500, Stephen Nightingale wrote:
https://www.had-pilot.com/dane/danelaw.html
The NIST DANE test system has three modes of operation:
- Test your DANE enabled site:
Enter the URL of a site for which a DANE TLSA resource record is
provisioned. The system will negotiate the connection, verify with
DANE and get the web page - or provide failure diagnostics.
- A reference test set to test your browser in response to all
possible DANE configurations.
- If your browser is NOT DANE enabled, a reference test set to test
a DANE client's response to all possible configurations and return
the results to your browser.
The site is up and available for testing - But it is still early
days and there may be occasional outages. Please be patient and/or
let us know.
Yet none of the major browsers are as ye showing interest in DANE.
Perhaps a test-bed for DANE SMTP sites would be more useful in the
near-term, as there is now at least one DANE capable MTA (Postfix),
and another (Exim) coming soon.
DANE SMTP (and SMIMEA) is coming soon.
If they are interested in test case suggestions, they can get in
touch with me off list. I am also interested in finding out which
DANE client toolkit they are using. Publishing that code could
help steer other implementations in the right direction, or help
identify potential problems.
The NIST DANE tester is implemented in Python over tlslite. I adapted
the Checker function to do DANE. We'll offer to bundle it with tlslite
once it's a bit more robust. We can probably make it available directly
on the site as well. I'm looking into gnutls too, but more interested in
pygnutls than C.
Stephen.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
