On Wed, 12 Sep 2012, Marco Davids (SIDN) wrote:
On 08/23/12 20:02, Paul Wouters wrote:
I put up the xpi as well, you can grab it at:
http://people.redhat.com/pwouters/mozilla-extval-0.7.xpi
I like it.
However, there might be room for improvent in the wording of the the
messages.
I deliberately broke the TLSA record (https://forfun.net/) and the
message is (in green):
"Domainname is secured by DNSSEC and the certificate is validated by CA."
Both true, but as a paranoid user, I would have appreciated a little bit
more information, like:
"... but the certificate did not pass a DANE check"
(or something similar)
It should do that. When I check your domain it tells me there is no TLSA
record, but I checked all name servers and it is there (and incorrect)
I'll add it on my TODO list :)
Paul
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
