Hi,

Everyone back (and recovered) from IETF89? Much interesting, such people, very discussions, wow.

So I have an experimental DANE implementation for server-to-server connections in the Prosody XMPP server. It's currently only doing DANE-EE and PKIX-EE. The TA variants are trickier, especially DANE-TA, so I have left them out for now. LuaSec, the OpenSSL to Lua binding we use, doesn't currently expose anything for validating some random chain.

It also includes an attempt at doing something for authenticating the client certificate on incoming connections, by looking for a TLSA record at the same name as for SRV, e.g. _xmpp-server._tcp.example.com. Comments about this would be appreciated.

Info: http://code.google.com/p/prosody-modules/wiki/mod_s2s_auth_dane
Code: http://code.google.com/p/prosody-modules/source/browse/mod_s2s_auth_dane/mod_s2s_auth_dane.lua

--
Regards,
Kim "Zash" Alvefur
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
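The end-entity matching described in the message above, as an added example that is not part of the original post and is not Prosody's code: it checks DANE-EE and PKIX-EE TLSA records against a peer certificate per RFC 6698 and skips the TA usages. The function names, the `dnssec_secure` and `pkix_chain_ok` flags (assumed to come from the resolver and the TLS library) and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import hmac

PKIX_EE, DANE_EE = 1, 3  # TLSA certificate usages (RFC 6698)
HASHES = {0: lambda d: d,                        # matching type 0: exact match
          1: lambda d: hashlib.sha256(d).digest(),
          2: lambda d: hashlib.sha512(d).digest()}

def tlsa_owner(domain, service="xmpp-server", proto="tcp"):
    """TLSA owner name for the client-certificate check: same name as the SRV record."""
    return "_%s._%s.%s" % (service, proto, domain.rstrip("."))

def ee_matches(record, cert_der, spki_der):
    """True if an EE-usage TLSA record matches the peer's end-entity certificate."""
    usage, selector, mtype, data = record
    if usage not in (PKIX_EE, DANE_EE):
        return False                  # TA usages (0, 2) need chain building; skipped
    selected = {0: cert_der, 1: spki_der}.get(selector)  # full cert or SubjectPublicKeyInfo
    transform = HASHES.get(mtype)
    if selected is None or transform is None:
        return False                  # unknown selector or matching type
    return hmac.compare_digest(transform(selected), data)

def authenticate(records, cert_der, spki_der, dnssec_secure, pkix_chain_ok):
    """Return the first TLSA record that authenticates the peer, else None."""
    if not dnssec_secure:
        return None                   # TLSA data is only usable from a validated answer
    for rec in records:
        if ee_matches(rec, cert_der, spki_der) and (rec[0] == DANE_EE or pkix_chain_ok):
            return rec                # PKIX-EE additionally needs a valid PKIX chain
    return None

# Constructed stand-ins for the DER certificate and its SubjectPublicKeyInfo.
SAMPLE_CERT, SAMPLE_SPKI = b"constructed-cert-der", b"constructed-spki-der"
SAMPLE_RECORDS = [
    (3, 1, 1, hashlib.sha256(SAMPLE_SPKI).digest()),   # DANE-EE, SPKI, SHA-256
    (1, 0, 2, hashlib.sha512(SAMPLE_CERT).digest()),   # PKIX-EE, full cert, SHA-512
    (2, 0, 1, hashlib.sha256(SAMPLE_CERT).digest()),   # DANE-TA: ignored here
]

if __name__ == "__main__":
    print(tlsa_owner("example.com"))
    print(authenticate(SAMPLE_RECORDS, SAMPLE_CERT, SAMPLE_SPKI, True, False))
```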
