Mercurial > prosody-modules
comparison mod_s2s_auth_dane/README.markdown @ 1838:1c6d04f012e9
mod_s2s_auth_dane/README: Note about LuaSec
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 09 Sep 2015 17:35:49 +0200 |
| parents | 6a3b48eded35 |
| children | f118e419a712 |
comparison
equal
deleted
inserted
replaced
| 1837:6a3b48eded35 | 1838:1c6d04f012e9 |
|---|---|
| 14 Associations](http://tools.ietf.org/html/draft-miller-xmpp-dnssec-prooftype). | 14 Associations](http://tools.ietf.org/html/draft-miller-xmpp-dnssec-prooftype). |
| 15 | 15 |
| 16 Dependencies | 16 Dependencies |
| 17 ============ | 17 ============ |
| 18 | 18 |
| 19 This module requires a DNSSEC aware DNS resolver. Prosodys internal | 19 This module requires a DNSSEC aware DNS resolver. Prosodys internal DNS |
| 20 DNSmodule does not support DNSSEC. Therefore, to use this module, | 20 module does not support DNSSEC. Therefore, to use this module, a |
| 21 areplacement is needed, such as [this | 21 replacement is needed, such as [this |
| 22 one](https://www.zash.se/luaunbound.html). | 22 one](https://www.zash.se/luaunbound.html). |
| 23 | 23 |
| 24 More installation instructions can be found at [Prosody with | 24 LuaSec 0.5 or later is also required. |
| 25 DANE](https://www.zash.se/prosody-dane.html). | |
| 26 | 25 |
| 27 Configuration | 26 Configuration |
| 28 ============= | 27 ============= |
| 29 | 28 |
| 30 After [installing the | 29 After [installing the |
| 51 `PKIX-TA` Like `DANE-TA` but must also pass normal PKIX trust checks (ie standard certificates) | 50 `PKIX-TA` Like `DANE-TA` but must also pass normal PKIX trust checks (ie standard certificates) |
| 52 | 51 |
| 53 DNS Setup | 52 DNS Setup |
| 54 ========= | 53 ========= |
| 55 | 54 |
| 56 In order for other services to verify your site using using this | 55 In order for other services to verify your site using using this plugin, |
| 57 plugin,you need to publish TLSA records (and they need to have this | 56 you need to publish TLSA records (and they need to have this plugin). |
| 58 plugin). Here's an example using `DANE-EE Cert SHA2-256` for a host | 57 Here's an example using `DANE-EE Cert SHA2-256` for a host named |
| 59 named `xmpp.example.com` serving the domain `example.com`. | 58 `xmpp.example.com` serving the domain `example.com`. |
| 60 | 59 |
| 61 $ORIGIN example.com. | 60 $ORIGIN example.com. |
| 62 ; Your standard SRV record | 61 ; Your standard SRV record |
| 63 _xmpp-server._tcp.example.com IN SRV 0 0 5269 xmpp.example.com. | 62 _xmpp-server._tcp.example.com IN SRV 0 0 5269 xmpp.example.com. |
| 64 ; IPv4 and IPv6 addresses | 63 ; IPv4 and IPv6 addresses |