[getdns-users] Does stubby honor TLSA records when verifying tls_auth_name?
Sara Dickinson
sara at sinodun.com
Mon Apr 29 14:51:22 UTC 2019
> On 18 Apr 2019, at 18:40, Christoph <cm at appliedprivacy.net> wrote:
>
>> We didn't publish SPKI pins because we rotate keys - which makes
>> SPKI less practical.
>
> After noticing that the pin can also be at the CA level we
> will provide SPKI pins. The DANE/TLSA question for Stubby
> would still be interesting since that would allow us to
> manage the "pins" without changing the configuration.
Hi Christoph,
The current version of Stubby doesn’t implement verification using TLSA records, but it is on the roadmap for a future version.
Best regards
Sara.
More information about the Users
mailing list