comparison mod_s2s_auth_dane/README.markdown @ 1837:6a3b48eded35

mod_s2s_auth_dane/README: Describe DANE uses
author Kim Alvefur <zash@zash.se>
date Wed, 09 Sep 2015 17:00:41 +0200
parents 5113f8ff6712
children 1c6d04f012e9
comparison
equal deleted inserted replaced
1836:5113f8ff6712 1837:6a3b48eded35
34 modules_enabled = { 34 modules_enabled = {
35 ... 35 ...
36 "s2s_auth_dane"; 36 "s2s_auth_dane";
37 } 37 }
38 38
39 DANE Uses
40 ---------
41
42 By default, only DANE uses are enabled.
43
44 dane_uses = { "DANE-EE", "DANE-TA" }
45
46 Use flag Description
47 ----------- -------------------------------------------------------------------------------------------------------
48 `DANE-EE` Most simple use, usually a fingerprint of the full certificate or public key used the service
49 `DANE-TA` Fingerprint of a certificate or public key that has been used to issue the service certificate
50 `PKIX-EE` Like `DANE-EE` but the certificate must also pass normal PKIX trust checks (ie standard certificates)
51 `PKIX-TA` Like `DANE-TA` but must also pass normal PKIX trust checks (ie standard certificates)
52
39 DNS Setup 53 DNS Setup
40 ========= 54 =========
41 55
42 In order for other services to verify your site using using this 56 In order for other services to verify your site using using this
43 plugin,you need to publish TLSA records (and they need to have this 57 plugin,you need to publish TLSA records (and they need to have this