[Dnssec-deployment] dnssec chain within x509 cert support in google chrome
regnauld at nsrc.org
Fri Jun 17 17:44:09 EDT 2011
Paul Wouters (paul) writes:
> If I understood this correctly, and I'm sure Adam will correct me if I am
> wrong, this works by sending a dnssec chain from the root to your FQDN
> embedded in a new X509 extention in your TLS server certificate. Chrome
> then does the validation of the chain.
Interesting to see how this complements/competes with DANE / TYPE65468.
More information about the Dnssec-deployment