> On 14. Mar 2020, at 12:00, Tanguy Le Carrour <tan...@bioneland.org> wrote:
>
> Hi Martin,
>
> On 03/13, Schanzenbach, Martin wrote:
>>> On 13. Mar 2020, at 18:32, Tanguy Le Carrour <tan...@bioneland.org> wrote:
>>> On 03/10, Tanguy Le Carrour wrote:
>>>> On 03/09, Christian Grothoff wrote:
>>>>> 2) try adding a TLSA record for gnunet.org to GNS, thereby avoiding
>>>>> the use of Letsencrypt and really directly verifying via GNS.
>>>> I'll try this and let you know, thanks!
>>> So, I did my homework, used a generator [1][] and ended up with this:
>>> ```
>>> _443._tcp.gnunet.org. IN TLSA 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939
>>> ```
>>> [1]: https://www.huque.com/bin/gen_tlsa
>>> So I now have:
>>> ```
>>> $ gnunet-namestore -z myself -a -e "1 d" -p -t TLSA -n gnunet -V "3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"
>>> $ gnunet-gns --type ANY --lookup gnunet.myself
>>> gnunet.myself:
>>> Got `TLSA' record: 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939
>>> Got `LEHO' record: gnunet.org
>>> Got `A' record: 131.159.74.67
>>> ```
>>> I didn't know where to put the `_443._tcp` part. `gnunet-namestore`
>>> complained about the name containing a `.`.
>>> There's something in the doc [2][] about `_port._proto.`, but it's for
>>> BOX records only.
>>
>> Indeed, instead of a TLSA record, for GNS, you should add a box record that
>> contains a TLSA record. Like so:
>> $ gnunet-namestore -z myself -a -e "1 d" -p -t BOX -n gnunet -V "6 443 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"
>> 6 is the protocol (tcp), 443 is the service (https).
>
> Unfortunately…
>
> ```
> $ gnunet-namestore -z myself -a -e "1 d" -p -t BOX -n gnunet -V "6 443 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"
> Value `6 443 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939' invalid for record type `BOX'
>
> $ gnunet-namestore --version
> gnunet-namestore v0.12.2 release
> ```
>
> From the code [1][], I could not guess what the correct format should be.
>
> [1]: src/gnsrecord/plugin_gnsrecord_dns.c:656
> src/include/gnunet_gnsrecord_lib.h:297

Ah, the record type is missing, sorry I did that out of my head. Try:

$ gnunet-namestore -z myself -a -e "1 d" -p -t BOX -n gnunet -V "6 443 52 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"

>
>> Still I wonder why you actually need that...
>
> As Christian said, this might not be the cause of the problem, but it's part
> of the investigation.
>
> Anyway, thanks for your time!
>
> --
> Tanguy
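
The conversion worked out over this thread, as an added Python example that is not part of the original messages and not GNUnet's code: it turns a DNS TLSA owner name and record data into the BOX value layout of the last command above (protocol, service, record type 52 for TLSA, then the TLSA fields) and checks public-key bytes against a `3 1 1` record. The function names are hypothetical, and the layout is assumed from the thread, not taken from GNUnet's parser.

```python
import hashlib
import re

PROTOCOLS = {"tcp": 6, "udp": 17}   # IANA protocol numbers; 6 = tcp as in the thread
TLSA_TYPE = 52                      # DNS record type number for TLSA
DIGEST_HEX_LEN = {1: 64, 2: 128}    # TLSA matching type -> hex digits (SHA-256, SHA-512)


def tlsa_to_box_value(owner: str, rdata: str) -> str:
    """Build a BOX value string from a DNS TLSA owner name and rdata (hypothetical helper)."""
    m = re.fullmatch(r"_(\d+)\._(tcp|udp)\..+", owner.lower())
    if not m or not 0 < int(m.group(1)) < 65536:
        raise ValueError("owner must look like _port._proto.name")
    fields = rdata.split()          # also joins a value that was wrapped across lines
    if len(fields) < 4 or not all(f.isdigit() for f in fields[:3]):
        raise ValueError("TLSA rdata needs usage, selector, matching type, data")
    usage, selector, mtype = (int(f) for f in fields[:3])
    data = "".join(fields[3:]).lower()
    if usage > 3 or selector > 1 or mtype > 2:
        raise ValueError("TLSA parameter out of range")
    if not re.fullmatch(r"(?:[0-9a-f]{2})+", data):
        raise ValueError("certificate association data must be hex")
    if mtype in DIGEST_HEX_LEN and len(data) != DIGEST_HEX_LEN[mtype]:
        raise ValueError("digest length does not fit the matching type")
    return f"{PROTOCOLS[m.group(2)]} {int(m.group(1))} {TLSA_TYPE} {usage} {selector} {mtype} {data}"


def spki_matches(box_value: str, spki_der: bytes) -> bool:
    """Check DER SubjectPublicKeyInfo bytes against a boxed TLSA 'x 1 1' record."""
    _proto, _port, rtype, _usage, selector, mtype, data = box_value.split()
    if (rtype, selector, mtype) != (str(TLSA_TYPE), "1", "1"):
        raise ValueError("only TLSA with selector 1 and SHA-256 is handled here")
    return hashlib.sha256(spki_der).hexdigest() == data


if __name__ == "__main__":
    # Record from the thread; the value is wrapped the way it was in the mail.
    print(tlsa_to_box_value(
        "_443._tcp.gnunet.org.",
        "3 1 1\n26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"))
    spki = b"constructed stand-in for DER SPKI bytes"   # constructed sample input
    box = tlsa_to_box_value("_443._tcp.example.", "3 1 1 " + hashlib.sha256(spki).hexdigest())
    print(spki_matches(box, spki))
```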