508756 – gentoo.org Please add DANE support

Bug 508756 - gentoo.org Please add DANE support

Summary: gentoo.org Please add DANE support

Status:	RESOLVED DUPLICATE of bug 502372

Alias:	None

Product:	Gentoo Infrastructure
Classification:	Unclassified
Component:	Other (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Infrastructure

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-04-26 10:55 UTC by Eray Aslan
Modified:	2014-04-26 11:49 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Eray Aslan gentoo-dev

2014-04-26 10:55:13 UTC

As discussed in bug #508554, publishing TLSA records (for smtp and http) will result in better security.  To summarize:

- DNSSEC: a man-in-the-middle hardened means of publishing DNS data.

- DANE: an IETF working group to develop standards for using DNSSEC to publish authentication information (public keys and the like) that binds DNS names to corresponding credentials.

    http://datatracker.ietf.org/wg/dane/charter/

- TLSA: one of the DNS record types developed by the DANE working group that publishes TLS server keys in DNS.  TLSA records are defined in RFC 6698.

    http://tools.ietf.org/html/rfc6698
    http://datatracker.ietf.org/doc/rfc6698/

gentoo.org supports DNSSEC but not DANE.  The hard part (DNSSEC) is already done.  Please consider publishing TLSA records for gentoo.org.

Comment 1 Alex Legler (RETIRED) archtester

2014-04-26 11:49:33 UTC


*** This bug has been marked as a duplicate of bug 502372 ***