Add TLS DANE support #779
Comments
Apparently Germany will be requiring DNSSEC and DANE as part of the new EU GDPR regulations coming into force in May 2018, so this will be very welcome.
Given that there are a lot of DNSSEC issues and roots that aren't signed yet, this would seem to be rather a rash decision IMO. The issue with DANE is that it requires TLSA records and Node has no lookup in its DNS API for this yet. To do this now would require using the external getdns library: https://github.com/getdnsapi/getdns I'm yet to find anyone that publishes TLSA records so that I can test anything though....
@smfreegard posteo.de publishes TLSA records, in case you're still searching for a provider to test with / against.
It looks like many providers still don't even support TLSA records. So, DANE support is pretty far out.
Draft: https://datatracker.ietf.org/doc/draft-ietf-dane-smtp-with-dane/
Requires DNSSEC support which is missing in the stock Node DNS API, but is available from https://github.com/getdnsapi/getdns-node which is the Node bindings to the getdns library which is part of the Unbound project.