W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: h2 requirements on authoritative responses

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 05 Sep 2014 02:24:39 +1200
Message-ID: <54087627.3070708@treenet.co.nz>
To: ietf-http-wg@w3.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 4/09/2014 8:26 p.m., Roland Zink wrote:
> On 03.09.2014 20:44, Martin Thomson wrote:
>> The use of subjectAltName is intentionally exemplary for that
>> reason. The normative statements should still apply to DANE and
>> other related functions like pinning. But I think that it's
>> important to cover the most common cases in the example to help
>> avoid confusion where it matters most. (That is, until DANE is
>> more commonplace; I've not yet heard of a single use of it on the
>> web.)
> 
> Maybe you are happy about this: 
> http://www.internetsociety.org/deploy360/blog/2014/07/a-hosting-provider-marketing-secure-hosting-with-ssl-dnssec-and-dane-tlsa/.
>
> 
This browser plugin shows which sites are secured with DANE -
https://www.dnssec-validator.cz/. Its own site is secured.

Using it I was able to avoid numerous certificate warnings, exception
lists and click-throughs on Debian project websites
(https://www.debian.org/) amongst some other less popular sites.

Amos

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUCHYmAAoJELJo5wb/XPRjI+kIANau/pM14Rky9ALmyE6fpK3G
t7KL6aJq6ZhSuZ+wPpS8XJSYjuT6hpZO3SfEJ22heX8gaOc2RAL3Ksh3OxTRmIqM
y6/9WBfpyDzrrWdC5us3qPZ5k3XcIxTcdcI3fSdAcqJM9Dgqsg3gcVZ1jGCQheNa
6brwKhC38+gXeYT+nI5RYOy43pUR8wuGsanEXJZ8kMgW9qFu4uTX3FLC0cOgwp07
RL5RgGT4+NYY5RZYIjBykSYeHCM4NjZVnVQUzUHvhF78aNnjbmQ04jv4a/85tQ3/
rVx+14HYzQ/F9LlRiWd/A3WZgzccISH0vb3JTSpvWOH8W9pfmtOZYtSGBXjFSJc=
=HQuP
-----END PGP SIGNATURE-----
Received on Thursday, 4 September 2014 14:25:17 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC