It seems we may not be seeing DANE / DNSSEC support in Google Chrome anytime soon. This ticket was just closed as a WontFix:
https://code.google.com/p/chromium/issues/detail?id=50874#c22 As the ticket says (in part): ----- Closing this out as WontFix, as there are no plans. <snip> DNSSEC and DANE (types 2/3) do not measurably raise the bar for security compared to alternatives, and can be negative for security. DNSSEC+DANE (types 0/1) can be accomplished via HTTP Public Key Pinning to the same effect, and with a much more reliable and consistent delivery mechanism. While not desiring to stifle discussion, we've continued to evaluate the security and usability benefits and costs of DNSSEC and DANE, and will continue to do so, but for now, this is neither something we plan to implement nor would support landing. ----- Any thoughts? Dan
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
