[Dnssec-deployment] dnssec chain within x509 cert support in google chrome
Phil Regnauld
regnauld at nsrc.org
Fri Jun 17 17:44:09 EDT 2011
Paul Wouters (paul) writes:
>
> http://www.imperialviolet.org/2011/06/16/dnssecchrome.html
>
> If I understood this correctly, and I'm sure Adam will correct me if I am
> wrong, this works by sending a dnssec chain from the root to your FQDN
> embedded in a new X509 extention in your TLS server certificate. Chrome
> then does the validation of the chain.
Interesting to see how this complements/competes with DANE / TYPE65468.
Cheers,
Phil
More information about the Dnssec-deployment
mailing list