Have you been working on an application that uses the new DANE protocol to combine the encryption of SSL/TLS with the strong integrity protection of DNSSEC? Have you been looking for a way to test your application with a variety of different test cases? If so, we’ve started compiling a list of sites that are currently publishing the TLSA records used by DANE. You can find the list at:
http://www.internetsociety.org/deploy360/resources/dane-test-sites/
As you’ll see on that page, we currently have sites listed for the following protocols and situations:
- HTTP – Valid TLSA Record With Valid CA-signed TLS Certificate
- HTTP – Valid TLSA Record With Valid Self-signed TLS Certificate
- HTTP – Valid TLSA Record With Invalid CA-signed TLS Certificate
- HTTP – Invalid TLSA Record
- HTTP – Valid TLSA Record With Invalid DNSSEC Signature
- SMTP
- XMPP/Jabber
If you are currently publishing TLSA records, please do let us know and we’ll be glad to add your site to the list. In these early days we’d like to make it as easy as possible for developers to find sites with which they can test their apps.
Thanks – and we’re looking forward to seeing the wide deployment of DANE enabling a much more secure Internet!