Status

()

--
enhancement
RESOLVED WONTFIX
8 years ago
a day ago

People

(Reporter: keeler, Unassigned)

Tracking

(Depends on: 2 bugs)

Trunk
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Tracking bug for the implementation of the proposal to use DNSSEC to associate TLS keys with domain names.
No longer blocks: 672244
Depends on: 672244
Is there an RFC or Internet Draft defining TLS using DNSSEC keys?
If not ...
(In reply to comment #1)
> Is there an RFC or Internet Draft defining TLS using DNSSEC keys?

Sorry - should have linked this:
http://tools.ietf.org/html/draft-ietf-dane-protocol-08

Also, more details here:
https://wiki.mozilla.org/Security/DNSSEC-TLS-details
Assignee: nobody → nobody
Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: libraries → psm
Version: trunk → Trunk
Assignee: nobody → dkeeler

Comment 3

7 years ago
"draft-ietf-dane-protocol approved" - "this'll now head to the RFC editor for final processing":
  http://www.ietf.org/mail-archive/web/dane/current/msg05124.html

Current version (version 23 of 2012-06-14):
  http://tools.ietf.org/html/draft-ietf-dane-protocol
Tracked at:
  https://datatracker.ietf.org/doc/draft-ietf-dane-protocol/

And see also:
- "Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE)"
  http://tools.ietf.org/html/rfc6394

And related drafts, http://tools.ietf.org/wg/dane/
- Secure SMTP with TLS, DNSSEC and TLSA records, 
- Using Secure DNS to Associate Certificates with Domain Names For S/MIME

Comment 4

6 years ago
Isn't this a duplicate of #589537?

Comment 5

5 years ago
(In reply to Roger Lynn from comment #4)
> Isn't this a duplicate of #589537?

Seems to be.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 589537

Comment 6

5 years ago
This turns out to be the master tracking bug, so reopening and will clean up.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---

Updated

5 years ago
Duplicate of this bug: 589537
I am not actively working on this.
Assignee: dkeeler → nobody

Comment 9

3 years ago
New rfc7671 address some issues presented at https://wiki.mozilla.org/Security/DNSSEC-TLS-details like CNAME issues
We do not currently have plans to implement this.
Status: REOPENED → RESOLVED
Last Resolved: 5 years ago3 years ago
Resolution: --- → WONTFIX

Comment 11

a year ago
Now that ISP are talking about throttling websites based on some sort of troll tax, are there any plans to have DNS over TLS implemented into Firefox so that novice users can have this feature and protect their right to use the net.

I know that such a system can be implemented thru a proxy DNS server hosted at localhost but that is not the simplest thing to do for must users. 

Peace.
You need to log in before you can comment on or make changes to this bug.