Hey,
So I had to renew my nohats.ca certificate and did so last minute. Then I decided, why not let it expire and see what happens. So I did. And then my browser refused to connect a few hours later. So I finally got a new cert and installed it without updating the TLSA record. The browser (firefox linux) showed the new cert. The validator said "dnssec green" and "tlsa green" despite that it was clearly not the right tlsa. I could not be due to DNS caching because nothing in the DNS has changed. A few minutes later I noticed it had turned to red. So, this is a little worrying because this would basically be how an attack would look like to me. And the plugin would not have helped me prevent the attack. The second minor buglet is that the "about" window has no [X] button to close the window. It took be a few seconds to realise I had to right-click and select "close window". Paul _______________________________________________ dnssec-validator-users mailing list [email protected] https://lists.nic.cz/cgi-bin/mailman/listinfo/dnssec-validator-users
