Mercurial > prosody-modules
comparison mod_s2s_auth_dane/README.markdown @ 1837:6a3b48eded35
mod_s2s_auth_dane/README: Describe DANE uses
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 09 Sep 2015 17:00:41 +0200 |
parents | 5113f8ff6712 |
children | 1c6d04f012e9 |
comparison
equal
deleted
inserted
replaced
1836:5113f8ff6712 | 1837:6a3b48eded35 |
---|---|
34 modules_enabled = { | 34 modules_enabled = { |
35 ... | 35 ... |
36 "s2s_auth_dane"; | 36 "s2s_auth_dane"; |
37 } | 37 } |
38 | 38 |
39 DANE Uses | |
40 --------- | |
41 | |
42 By default, only DANE uses are enabled. | |
43 | |
44 dane_uses = { "DANE-EE", "DANE-TA" } | |
45 | |
46 Use flag Description | |
47 ----------- ------------------------------------------------------------------------------------------------------- | |
48 `DANE-EE` Most simple use, usually a fingerprint of the full certificate or public key used the service | |
49 `DANE-TA` Fingerprint of a certificate or public key that has been used to issue the service certificate | |
50 `PKIX-EE` Like `DANE-EE` but the certificate must also pass normal PKIX trust checks (ie standard certificates) | |
51 `PKIX-TA` Like `DANE-TA` but must also pass normal PKIX trust checks (ie standard certificates) | |
52 | |
39 DNS Setup | 53 DNS Setup |
40 ========= | 54 ========= |
41 | 55 |
42 In order for other services to verify your site using using this | 56 In order for other services to verify your site using using this |
43 plugin,you need to publish TLSA records (and they need to have this | 57 plugin,you need to publish TLSA records (and they need to have this |