Mercurial > prosody-modules
comparison mod_s2s_auth_dane/README.markdown @ 1837:6a3b48eded35
mod_s2s_auth_dane/README: Describe DANE uses
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 09 Sep 2015 17:00:41 +0200 |
| parents | 5113f8ff6712 |
| children | 1c6d04f012e9 |
comparison
equal
deleted
inserted
replaced
| 1836:5113f8ff6712 | 1837:6a3b48eded35 |
|---|---|
| 34 modules_enabled = { | 34 modules_enabled = { |
| 35 ... | 35 ... |
| 36 "s2s_auth_dane"; | 36 "s2s_auth_dane"; |
| 37 } | 37 } |
| 38 | 38 |
| 39 DANE Uses | |
| 40 --------- | |
| 41 | |
| 42 By default, only DANE uses are enabled. | |
| 43 | |
| 44 dane_uses = { "DANE-EE", "DANE-TA" } | |
| 45 | |
| 46 Use flag Description | |
| 47 ----------- ------------------------------------------------------------------------------------------------------- | |
| 48 `DANE-EE` Most simple use, usually a fingerprint of the full certificate or public key used the service | |
| 49 `DANE-TA` Fingerprint of a certificate or public key that has been used to issue the service certificate | |
| 50 `PKIX-EE` Like `DANE-EE` but the certificate must also pass normal PKIX trust checks (ie standard certificates) | |
| 51 `PKIX-TA` Like `DANE-TA` but must also pass normal PKIX trust checks (ie standard certificates) | |
| 52 | |
| 39 DNS Setup | 53 DNS Setup |
| 40 ========= | 54 ========= |
| 41 | 55 |
| 42 In order for other services to verify your site using using this | 56 In order for other services to verify your site using using this |
| 43 plugin,you need to publish TLSA records (and they need to have this | 57 plugin,you need to publish TLSA records (and they need to have this |