Questions tagged [dane]

The DNS-Based Authentication of Named Entities (DANE)

The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA; RFC 6698

6 questions
2 votes, 1 answer

Why does my RSA DANE TLSA work, but my ECDSA DANE TLSA fail?

I've purchased two single domain, wildcard SSL certificates from Namecheap/Sectigo/Comodo. I generated my CSRs in the typical fashion using openssl. $ openssl req -newkey rsa:4096 -keyout example.com.rsa.key -out example.com.rsa.csr $ openssl…
2 votes, 0 answers

Is it possible to use MTA-STS in Postfix without overriding DANE?

The SMTP MTA Strict Transport Security RFC 8461, 2 clearly states that: However, MTA-STS is designed not to interfere with DANE deployments when the two overlap; in particular, senders who implement MTA-STS validation MUST NOT allow MTA-STS Policy…
Esa Jokinen
1 vote, 1 answer

DANE and TLSA in Cloudflare

Can anyone tell me how to set up DANE and TLSA in Cloudflare? Do we need Google Cloud DNS for TLSA records? Which mail server will allow using TLSA at this point? Ref link for DANE
CADENTIC
1 vote, 1 answer

How do I generate an SSHFP record for a Mikrotik router?

I want to generate an SSHFP record for my Mikrotik CCR2004 running RouterOS 6.47.4, without getting the key over the network. How can I do this from the console?
Falcon Momot
0 votes, 0 answers

Hardware requirements for TLD registrar. Non-ICANN, DNSSEC and DANE supported

I am trying to figure out requirements for a TLD registrar. I have the names. Customers have the access. Just missing the skillset and hardware. ICANN is not accepting these names at the moment; however, ICANN is not a requirement. The domains do work…
0 votes, 1 answer

Does DANE allow for trustable self-signed certificates?

DANE has 4 modes of operation indexed 0-3, with mode 3, i.e. Domain-issued certificate, allowing for self-signed certificates. Can this mode be used in a trustable manner? And if so, does that mean that traditional Certificate Authorities and their…