Tracking bug for the implementation of the proposal to use DNSSEC to associate TLS keys with domain names.
Is there an RFC or Internet Draft defining TLS using DNSSEC keys? If not ...
(In reply to comment #1) > Is there an RFC or Internet Draft defining TLS using DNSSEC keys? Sorry - should have linked this: http://tools.ietf.org/html/draft-ietf-dane-protocol-08 Also, more details here: https://wiki.mozilla.org/Security/DNSSEC-TLS-details
Depends on: 672596
Depends on: 672600
Assignee: nobody → nobody
Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: libraries → psm
Version: trunk → Trunk
"draft-ietf-dane-protocol approved" - "this'll now head to the RFC editor for final processing": http://www.ietf.org/mail-archive/web/dane/current/msg05124.html Current version (version 23 of 2012-06-14): http://tools.ietf.org/html/draft-ietf-dane-protocol Tracked at: https://datatracker.ietf.org/doc/draft-ietf-dane-protocol/ And see also: - "Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE)" http://tools.ietf.org/html/rfc6394 And related drafts, http://tools.ietf.org/wg/dane/ - Secure SMTP with TLS, DNSSEC and TLSA records, - Using Secure DNS to Associate Certificates with Domain Names For S/MIME
Isn't this a duplicate of #589537?
(In reply to Roger Lynn from comment #4) > Isn't this a duplicate of #589537? Seems to be.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 589537
This turns out to be the master tracking bug, so reopening and will clean up.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
I am not actively working on this.
Assignee: dkeeler → nobody
New rfc7671 address some issues presented at https://wiki.mozilla.org/Security/DNSSEC-TLS-details like CNAME issues
We do not currently have plans to implement this.
Status: REOPENED → RESOLVED
Last Resolved: 6 years ago → 3 years ago
Resolution: --- → WONTFIX
Now that ISP are talking about throttling websites based on some sort of troll tax, are there any plans to have DNS over TLS implemented into Firefox so that novice users can have this feature and protect their right to use the net. I know that such a system can be implemented thru a proxy DNS server hosted at localhost but that is not the simplest thing to do for must users. Peace.
You need to log in before you can comment on or make changes to this bug.