On 2/26/2019 11:10 AM, John Levine wrote:
> In article <B68C84D4-9D1A-4303-94CA-59CEBFB6B934@pch.net> you write:
>> We need to get switched over to DANE as quickly as possible, and stop wasting effort trying to keep the CA system alive with ever-hackier band-aids.
>
> What's the DANE version of a green-bar cert?

At one point, there was the DNSSEC/TLSA validator plug-in for browsers. I had used it and it worked quite well, displaying a green key for valid DANE.

https://www.dnssec-validator.cz/

Unfortunately, Firefox's API change, circa version 57, was the start of browser changes that halted the project. I'd really like to see similar functionality return, not as a plug-in, but as a part of the base browser.

===
End of Support
Tue 16 October 2018

After struggling and failing to implement the DNSSEC/TLSA Validator extension for Firefox Quantum (57+) we've decided to stop the development and support of the extension. Firefox 56 was the last version which provided necessary APIs that enabled the DNSSEC/TLSA Validator to check DNS records and certificates …
===