Le 24/03/2014 14:23, Raphael Geissert a écrit :Anyway, I strongly recommend that nobody waste their time on an issue which in a couple of years will be much less relevant thanks to DANE.If only people actually used DNSSEC and DANE - Chromium/Google Chrome dropped support for the latter due to the lack of use[1]. [1]https://www.imperialviolet.org/2011/06/16/dnssecchrome.html
I believe you are mistaken. That blog post is about Google's own design for "DNSSEC stapled certificates" . Not DANE.
On Mon, 24 Mar 2014, Peter Palfrader wrote:
DNS servers have supported them for years; RFC3597 is over a decade old by now.
TLSA records were defined by RFC6698, which was issued in August 2012. -- Edward Allcutt