diff mod_s2s_auth_dane/README.markdown @ 1837:6a3b48eded35

mod_s2s_auth_dane/README: Describe DANE uses
author Kim Alvefur <zash@zash.se>
date Wed, 09 Sep 2015 17:00:41 +0200
parents 5113f8ff6712
children 1c6d04f012e9
line wrap: on
line diff
--- a/mod_s2s_auth_dane/README.markdown	Wed Sep 09 17:00:23 2015 +0200
+++ b/mod_s2s_auth_dane/README.markdown	Wed Sep 09 17:00:41 2015 +0200
@@ -36,6 +36,20 @@
      "s2s_auth_dane";
     }
 
+DANE Uses
+---------
+
+By default, only DANE uses are enabled.
+
+    dane_uses = { "DANE-EE", "DANE-TA" }
+
+  Use flag    Description
+  ----------- -------------------------------------------------------------------------------------------------------
+  `DANE-EE`   Most simple use, usually a fingerprint of the full certificate or public key used the service
+  `DANE-TA`   Fingerprint of a certificate or public key that has been used to issue the service certificate
+  `PKIX-EE`   Like `DANE-EE` but the certificate must also pass normal PKIX trust checks (ie standard certificates)
+  `PKIX-TA`   Like `DANE-TA` but must also pass normal PKIX trust checks (ie standard certificates)
+
 DNS Setup
 =========