[Dnssec-deployment] dnssec chain within x509 cert support in google chrome

Phil Regnauld regnauld at nsrc.org
Fri Jun 17 17:44:09 EDT 2011


Paul Wouters (paul) writes:
> 
> http://www.imperialviolet.org/2011/06/16/dnssecchrome.html
> 
> If I understood this correctly, and I'm sure Adam will correct me if I am
> wrong, this works by sending a dnssec chain from the root to your FQDN
> embedded in a new X509 extention in your TLS server certificate. Chrome
> then does the validation of the chain.

	Interesting to see how this complements/competes with DANE / TYPE65468.

	Cheers,
	Phil


More information about the Dnssec-deployment mailing list