Mercurial > prosody-modules

comparison mod_s2s_auth_dane/README.markdown @ 1836:5113f8ff6712

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_s2s_auth_dane/README: Bump heading levels (modules.prosody.im decreases them one step) and fix some missing spaces
author Kim Alvefur <zash@zash.se>
date Wed, 09 Sep 2015 17:00:23 +0200
parents 4d73a1a6ba68
children 6a3b48eded35
comparison
equal deleted inserted replaced
1835:6234e67ebe7a 1836:5113f8ff6712
4 - 'Type-S2SAuth' 4 - 'Type-S2SAuth'
5 summary: S2S authentication using DANE 5 summary: S2S authentication using DANE
6 ... 6 ...
7 7
8 Introduction 8 Introduction
9 ------------ 9 ============
10 10
11 This module implements DANE as described in[Using DNS Security 11 This module implements DANE as described in[Using DNS Security
12 Extensions (DNSSEC) and DNS-based Authentication of Named Entities 12 Extensions (DNSSEC) and DNS-based Authentication of Named Entities
13 (DANE) as a Prooftype for XMPP Domain Name 13 (DANE) as a Prooftype for XMPP Domain Name
14 Associations](http://tools.ietf.org/html/draft-miller-xmpp-dnssec-prooftype). 14 Associations](http://tools.ietf.org/html/draft-miller-xmpp-dnssec-prooftype).
15 15
16 Dependencies 16 Dependencies
17 ------------ 17 ============
18 18
19 This module requires a DNSSEC aware DNS resolver. Prosodys internal 19 This module requires a DNSSEC aware DNS resolver. Prosodys internal
20 DNSmodule does not support DNSSEC. Therefore, to use this module, 20 DNSmodule does not support DNSSEC. Therefore, to use this module,
21 areplacement is needed, such as [this 21 areplacement is needed, such as [this
22 one](https://www.zash.se/luaunbound.html). 22 one](https://www.zash.se/luaunbound.html).
23 23
24 More installation instructions can be found at [Prosody with 24 More installation instructions can be found at [Prosody with
25 DANE](https://www.zash.se/prosody-dane.html). 25 DANE](https://www.zash.se/prosody-dane.html).
26 26
27 Configuration 27 Configuration
28 ------------- 28 =============
29 29
30 After [installing the 30 After [installing the
31 module](https://prosody.im/doc/installing_modules), just add it to 31 module](https://prosody.im/doc/installing_modules), just add it to
32 `modules_enabled`; 32 `modules_enabled`;
33 33
35 ... 35 ...
36 "s2s_auth_dane"; 36 "s2s_auth_dane";
37 } 37 }
38 38
39 DNS Setup 39 DNS Setup
40 --------- 40 =========
41 41
42 In order for other services to verify your site using using this 42 In order for other services to verify your site using using this
43 plugin,you need to publish TLSA records (and they need to have this 43 plugin,you need to publish TLSA records (and they need to have this
44 plugin).Here's an example using "DANE-EE Cert SHA2-256" for a host 44 plugin). Here's an example using `DANE-EE Cert SHA2-256` for a host
45 namedxmpp.example.com serving the domain example.com. 45 named `xmpp.example.com` serving the domain `example.com`.
46 46
47 $ORIGIN example.com. 47 $ORIGIN example.com.
48 ; Your standard SRV record 48 ; Your standard SRV record
49 _xmpp-server._tcp.example.com IN SRV 0 0 5269 xmpp.example.com. 49 _xmpp-server._tcp.example.com IN SRV 0 0 5269 xmpp.example.com.
50 ; IPv4 and IPv6 addresses 50 ; IPv4 and IPv6 addresses
61 61
62 [List of DNSSEC and DANE 62 [List of DNSSEC and DANE
63 tools](http://www.internetsociety.org/deploy360/dnssec/tools/) 63 tools](http://www.internetsociety.org/deploy360/dnssec/tools/)
64 64
65 Further reading 65 Further reading
66 --------------- 66 ===============
67 67
68 - [DANE TLSA implementation and operational 68 - [DANE TLSA implementation and operational
69 guidance](http://tools.ietf.org/html/draft-ietf-dane-ops) 69 guidance](http://tools.ietf.org/html/draft-ietf-dane-ops)
70 70
71 Compatibility 71 Compatibility
72 ------------- 72 =============
73 73
74 Requires 0.9 or above. 74 Requires 0.9 or above.