# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1441810841 -7200
# Node ID 6a3b48eded35a5fdd21fc8acfef9d02d128b7625
# Parent  5113f8ff67124736d710b87abf75c7e003fc02ec
mod_s2s_auth_dane/README: Describe DANE uses

diff -r 5113f8ff6712 -r 6a3b48eded35 mod_s2s_auth_dane/README.markdown
--- a/mod_s2s_auth_dane/README.markdown	Wed Sep 09 17:00:23 2015 +0200
+++ b/mod_s2s_auth_dane/README.markdown	Wed Sep 09 17:00:41 2015 +0200
@@ -36,6 +36,20 @@
      "s2s_auth_dane";
     }
 
+DANE Uses
+---------
+
+By default, only DANE uses are enabled.
+
+    dane_uses = { "DANE-EE", "DANE-TA" }
+
+  Use flag    Description
+  ----------- -------------------------------------------------------------------------------------------------------
+  `DANE-EE`   Most simple use, usually a fingerprint of the full certificate or public key used the service
+  `DANE-TA`   Fingerprint of a certificate or public key that has been used to issue the service certificate
+  `PKIX-EE`   Like `DANE-EE` but the certificate must also pass normal PKIX trust checks (ie standard certificates)
+  `PKIX-TA`   Like `DANE-TA` but must also pass normal PKIX trust checks (ie standard certificates)
+
 DNS Setup
 =========