On Sun, Dec 15, 2013 at 10:02:42PM +0100, Patrick Ben Koetter wrote:
> This will fix the usage:
>
> - $port, $host, $usage, $s, $m, $a;
> + $port, $host, $u, $s, $m, $a;
Yes, that's the change I made to fix it.
> draft-ietf-dane-ops-01 says:
>
>The selector field specifies wheth
* Viktor Dukhovni :
> On Sun, Dec 15, 2013 at 06:49:20PM +, Viktor Dukhovni wrote:
>
> > What certificate public key did you fingerprint? Your root CA
> > certificate, or your server certificate? Why did you specify usage 0?
>
> It sure looks like your TLSA RR contains the public digest of
On Sun, Dec 15, 2013 at 09:18:12PM +0100, Patrick Ben Koetter wrote:
> tlsagen mail.state-of-mind.de.pem mail.state-of-mind.de DANE-EE CERT SHA2-256
> _25._tcp.mail.state-of-mind.de. IN TLSA 0 0 1
> 4CCFD929E7C2646022AD1A80F66B29C2F37C14D95245C0624490B90074A014A7
>
> Hmmm, looking at this DANE-E
On Sun, Dec 15, 2013 at 06:49:20PM +, Viktor Dukhovni wrote:
> What certificate public key did you fingerprint? Your root CA
> certificate, or your server certificate? Why did you specify usage 0?
It sure looks like your TLSA RR contains the public digest of your
server certificate, and yet
script to create a TLSA RR and updated the ZONE. Now I
> get a warning that says: "warning: ca-constraint trust-anchor sha256 digests
> disabled, in RR: _25._tcp.mail.sys4.de IN TLSA 0 1 1 .."
>
> Can you please help me understand why the warning is given?
You are trying to speci
s: "warning: ca-constraint trust-anchor sha256 digests
disabled, in RR: _25._tcp.mail.sys4.de IN TLSA 0 1 1 .."
Can you please help me understand why the warning is given?
Thanks
p@rick
posttls-finger -F /etc/ssl/certs/ca-certificates.crt sys4.de
posttls-finger: warning: ca-constraint tr