[Standards] Proposal: Public Key pinning

Dave Cridland dave at cridland.net
Tue Nov 12 13:18:14 UTC 2013


On Tue, Nov 12, 2013 at 12:59 PM, Simon Tennant <simon at buddycloud.com>wrote:

> On 12 November 2013 00:33, Thijs Alkemade <thijs at xnyhps.nl> wrote:
>
>> * DANE. DNSSEC deployment is still low and DANE is low compared to that.
>> Few
>> DNS stacks include support for DNSSEC, so widespread DANE deployment is
>> unlikely to happen soon.
>>
>
> I would love to have a guide on how to setup DANE and DNSSEC for an XMPP
> server. And have a primer added to the
> http://wiki.xmpp.org/web/Securing_XMPP#Prosody_.28secure_delegation_with_DANE.29page.
>
> Has anyone managed to do this?
>
>
Phil Pennock has, I believe.

However, DANE relates to authentication, rather than secure delegation (for
which you only need DNSSEC).


> Would anyone have time to walk me through setting this up and I'll write
> up a recipe.
>
> S.
> --
> Simon Tennant | buddycloud.com | +49 17 8545 0880 | office hours:
> goo.gl/tQgxP
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20131112/f334dae2/attachment.html>


More information about the Standards mailing list