TLSA record support

New ideas and constructive comments go here.

Moderator: Moderators

Post Reply
candrews
Posts: 38
Joined: Thu Jul 24, 2008 11:50 am
Contact:

TLSA record support

Post by candrews »

TLSA records are part of the implementation of DANE (DNS-based Authentication of Named Entities). These records allow for an alternative (or supplement) to the Certificate Authority system for verifying TLS certificates.

The relevant RFC is https://tools.ietf.org/html/rfc6698 - combined with DNSSEC (which Rollernet already supports), DANE offers an interesting new way to implement (or supplement) web security.

Thanks!

Seth
Site Admin
Posts: 319
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: TLSA record support

Post by Seth »

It is supported by the underlying server, I'll look in to putting it in the interface.
Seth Mattinen, Roller Network LLC

candrews
Posts: 38
Joined: Thu Jul 24, 2008 11:50 am
Contact:

Re: TLSA record support

Post by candrews »

Here's an easy to use UI for generating TLSA records: https://www.huque.com/bin/gen_tlsa I think the Rollernet interface would probably use the same fields. Also, for reference, the RFC is https://tools.ietf.org/html/rfc6698

candrews
Posts: 38
Joined: Thu Jul 24, 2008 11:50 am
Contact:

Re: TLSA record support

Post by candrews »

*bump*

candrews
Posts: 38
Joined: Thu Jul 24, 2008 11:50 am
Contact:

Re: TLSA record support

Post by candrews »

Any news?

TSLA support would be really nice to have!

Seth
Site Admin
Posts: 319
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: TLSA record support

Post by Seth »

TLSA record support has been added and will be released in an update to the live site shortly.
Seth Mattinen, Roller Network LLC

Seth
Site Admin
Posts: 319
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: TLSA record support

Post by Seth »

I just noticed while working on other Primary DNS stuff that TLSA wasn't listed under the supported record types in the help docs. It's in there now.
Seth Mattinen, Roller Network LLC

Post Reply