> From: Paul Wouters <p...@cypherpunks.ca> > An unfinished but working hacked os3sec/niccz firefox plugin, which > I only tested on Linux: > > http://people.redhat.com/pwouters/mozilla-extval-0.7-2.fc16.noarch.rpm > (http://people.redhat.com/pwouters/mozilla-extval-0.7-2.fc16.src.rpm) > > TLSA records are published for fedoraproject.org and nohats.ca.
After several hours fiddling around with Centos and Ubuntu, I got mozilla-extval-0.7-2.fc16.noarch.rpm converted and installed with dpkg on the Ubuntu system. Firefox whined that the add-on is corrupt and claimed to have refused to install it, but installed something that says it is "DNSSEC/TLSA Validator 0.7". After giving it the IP address of my resolver, I watched the resolver log for requests for TLSA qtypes and _tcp qnames as I looked at https://fedoraproject.org I see only A and AAAA requests for fedoraproject.org There were no error messages from dpkg, but I wonder about libldns and unbound libraries. After installing the unbound libraries on a Centos system to try to install extval, my attempt to install extval was stymied for lack of libldns. I didn't look all that hard for libldns before going back to Ubuntu. It's probably something that I'm doing wrong. Thanks anyway and no offense intended. Even if I could make it work, a browser add-on wouldn't get me toward my real goal of a little security for my web pages without paying for the pretense of commercial pkix security. Vernon Schryver v...@rhyolite.com _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
