
Security/DNSSEC-TLS

43 bytes added, 16:51, 28 June 2011
== Creating a TLSA Record ==
Once the certificate type and reference type are determined, the appropriate values can be used to construct an entry that goes into the zone file for the DNS server that is authoritative for the domain name in question. For instance, if the sha256 hash of a public key were to be used, the entry might look like this:
<nowiki>
WWW.EXAMPLE.COM. 60 IN TYPE65468 \# 34 0301731050b68ae9bb14f894a0fd3c2dbe4210336942cdd69036235593ca582e787d
</nowiki>
(The entry is intended to be a single contiguous line.) This specifies a record of type 65468 (the experimental number for TLSA) whose data is 34 bytes long. The "03" at the beginning indicates a public key, and the "01" indicates sha256. The remaining 32 bytes are the hash.
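The following added example (not part of the original wiki page) builds an entry in the format described above and validates one before it goes into a zone file, including the check that the declared length matches the hex data. The function names and the sample key bytes are hypothetical, and the exact byte encoding of the public key that gets hashed is an assumption, since the page does not specify it.

```python
import hashlib
import hmac

TLSA_TYPE = 65468        # experimental type number, from the page
CERT_PUBLIC_KEY = 0x03   # "03" = public key, from the page
REF_SHA256 = 0x01        # "01" = sha256, from the page

# The entry exactly as shown on the page.
PAGE_ENTRY = ("WWW.EXAMPLE.COM. 60 IN TYPE65468 \\# 34 "
              "0301731050b68ae9bb14f894a0fd3c2dbe4210336942cdd69036235593ca582e787d")

# Constructed placeholder bytes standing in for an encoded public key (assumption).
SAMPLE_KEY = b"constructed placeholder, not a real key"


def build_entry(owner, ttl, public_key_bytes):
    """Return the zone-file line pinning sha256(public_key_bytes)."""
    digest = hashlib.sha256(public_key_bytes).digest()
    rdata = bytes([CERT_PUBLIC_KEY, REF_SHA256]) + digest
    return "%s %d IN TYPE%d \\# %d %s" % (
        owner, ttl, TLSA_TYPE, len(rdata), rdata.hex())


def parse_entry(line):
    """Validate a generic-format entry; return (cert_type, ref_type, hash)."""
    fields = line.split()
    if len(fields) < 7 or fields[2].upper() != "IN" or fields[4] != "\\#":
        raise ValueError("not a generic-format IN record")
    if fields[3].upper() != "TYPE%d" % TLSA_TYPE:
        raise ValueError("unexpected record type: " + fields[3])
    declared = int(fields[5])
    rdata = bytes.fromhex("".join(fields[6:]))  # hex may be split by spaces
    if len(rdata) != declared or len(rdata) < 2:
        raise ValueError("length field says %d bytes, data has %d"
                         % (declared, len(rdata)))
    cert_type, ref_type, value = rdata[0], rdata[1], rdata[2:]
    if ref_type == REF_SHA256 and len(value) != 32:
        raise ValueError("sha256 reference needs a 32-byte hash")
    return cert_type, ref_type, value


def entry_matches_key(line, public_key_bytes):
    """True only if the entry is a sha256 pin of exactly this public key."""
    cert_type, ref_type, value = parse_entry(line)
    expected = hashlib.sha256(public_key_bytes).digest()
    return (cert_type == CERT_PUBLIC_KEY and ref_type == REF_SHA256
            and hmac.compare_digest(value, expected))
```

A truncated or mistyped hex string fails in `parse_entry` rather than being published as a record that no key can match.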
== Contact ==
David Keeler (irc: keeler, email: d[irc name]@mozilla.com)