> On 13. Mar 2020, at 18:32, Tanguy Le Carrour <tan...@bioneland.org> wrote: > > Hi GNUnet, Hi Christian, > > Le 03/10, Tanguy Le Carrour a écrit : >> Le 03/09, Christian Grothoff a écrit : >>> 2) try adding a TLSA record for gnunet.org to GNS, thereby avoiding >>> the use of Letsencrypt and really directly verifying via GNS. >> >> I'll try this and let you know, thanks! > > So, I did my homework, used a generator [1][] and ended up with this: > > ``` > _443._tcp.gnunet.org. IN TLSA 3 1 1 > 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939 > ``` > > [1]: https://www.huque.com/bin/gen_tlsa > > So I now have: > > ``` > $ gnunet-namestore -z myself -a -e "1 d" -p -t TLSA -n gnunet -V "3 1 1 > 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939" > $ gnunet-gns --type ANY --lookup gnunet.myself > gnunet.myself: > Got `TLSA' record: 3 1 1 > 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939 > Got `LEHO' record: gnunet.org > Got `A' record: 131.159.74.67 > ``` > > I didn't know where to put the `_443._tcp` part. `gnunet-namestore` complained > about the name containing a `.`. > > There's something in the doc [2][] about `_port._proto.`, but it's for > BOX records only. >
Indeed, instead of a TLSA records, for GNS, you should add a box record that contains a TLSA record. Like so: $ gnunet-namestore -z myself -a -e "1 d" -p -t BOX -n gnunet -V "6 443 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939" 6 is the protocol (tcp), 443 is the service (https). Still I wonder why you actually need that... > [2]: https://docs.gnunet.org/handbook/gnunet.html#BOX-1 > > Having done that, I still don't get much in the logs: > > ``` > $ […]/lib/gnunet/libexec/gnunet-gns-proxy --log DEBUG > Mar 13 18:15:11-622297 gnunet-gns-proxy-3803 ERROR Download curl gnunet.org/ > failed: SSL peer certificate or SSH remote key was not OK > ``` > > Is my TLSA record correct? Is there something else I can try? > > Regards > > -- > Tanguy
signature.asc
Description: Message signed with OpenPGP
