- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Fri, 05 Sep 2014 02:24:39 +1200
- To: ietf-http-wg@w3.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 4/09/2014 8:26 p.m., Roland Zink wrote: > On 03.09.2014 20:44, Martin Thomson wrote: >> The use of subjectAltName is intentionally exemplary for that >> reason. The normative statements should still apply to DANE and >> other related functions like pinning. But I think that it's >> important to cover the most common cases in the example to help >> avoid confusion where it matters most. (That is, until DANE is >> more commonplace; I've not yet heard of a single use of it on the >> web.) > > Maybe you are happy about this: > http://www.internetsociety.org/deploy360/blog/2014/07/a-hosting-provider-marketing-secure-hosting-with-ssl-dnssec-and-dane-tlsa/. > > This browser plugin shows which sites are secured with DANE - https://www.dnssec-validator.cz/. Its own site is secured. Using it I was able to avoid numerous certificate warnings, exception lists and click-throughs on Debian project websites (https://www.debian.org/) amongst some other less popular sites. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUCHYmAAoJELJo5wb/XPRjI+kIANau/pM14Rky9ALmyE6fpK3G t7KL6aJq6ZhSuZ+wPpS8XJSYjuT6hpZO3SfEJ22heX8gaOc2RAL3Ksh3OxTRmIqM y6/9WBfpyDzrrWdC5us3qPZ5k3XcIxTcdcI3fSdAcqJM9Dgqsg3gcVZ1jGCQheNa 6brwKhC38+gXeYT+nI5RYOy43pUR8wuGsanEXJZ8kMgW9qFu4uTX3FLC0cOgwp07 RL5RgGT4+NYY5RZYIjBykSYeHCM4NjZVnVQUzUHvhF78aNnjbmQ04jv4a/85tQ3/ rVx+14HYzQ/F9LlRiWd/A3WZgzccISH0vb3JTSpvWOH8W9pfmtOZYtSGBXjFSJc= =HQuP -----END PGP SIGNATURE-----
Received on Thursday, 4 September 2014 14:25:17 UTC