}}
{{FeatureTeamStatus}}
{| class="fullwidth-table"
|-
| style="font-weight: bold; background: #DDD;" | Feature
| style="font-weight: bold; background: #DDD;" | Status
| style="font-weight: bold; background: #DDD;" | ETA
| style="font-weight: bold; background: #DDD;" | Owner
|-
<section begin="status" />
| [[Security/DNSSEC-TLS|DNSSEC-TLS]]
| {{StatusHealthy|status=Internal demonstration implementation}}
| 2011-09-01
| [[User:dkeeler|David Keeler]]
<section end="status" />
|}
This set of pages documents the TLS domain validation through DNSSEC project. These documents are currently a work in progress. There are likely many errors.
== Summary ==
This project aims to implement domain validation in TLS sessions through use of DNSSEC chains.
== Team ==
Who's working on this?
*'''Feature Manager''':
*'''Lead Developer''': [[User:dkeeler|David Keeler]]
*'''Product Manager''':
*'''QA''':
*'''Security''':
*'''Privacy''':
== Release Requirements ==
The release requirements include a fully working and well tested implementation of this feature. This includes a server implementation. Currently nginx is being targeted as the server of choice.
== Next Steps & Open Issues ==
*{{done|Complete external implementation}}
*{{done|Complete in-browser demo implementation}}
*{{new|Get someone to look at what I've written to make sure it's not totally off the mark}}
*{{new|Complete in-browser implementation}}
== Related Bugs & Dependencies ==
[https://bugzilla.mozilla.org/show_bug.cgi?id=589537 bug 589357]
This feature depends on servers with the ability to send DNSSEC chains. Nginx has been modified to support this, as described in a document to come.
== Risks ==
Risks are discussed in the [[Security/DNSSEC-TLS-details#Security Considerations|security considerations]] section of the detailed design page.
== Use Cases ==
The use case is anyone running an HTTPS server and anyone wishing to connect to that server using Firefox.
== Designs ==
Design specifications are detailed [[Security/DNSSEC-TLS-details|here]].
== Test Plans ==
Test plans are [[Security/DNSSEC-TLS-details#Test Plans|here]].
== Goals ==
Implement domain validation for TLS connections using DNSSEC in Firefox. That is, in addition to sending a certificate in the TLS handshake, a server would send sufficient DNSSEC records to convince the client of its identity and establish public key material.
== Non-Goals ==
To be updated as issues arise.
== Other Stuff ==
There is currently no other stuff.
== Legend (remove if you like) ==
{| class="fullwidth-table"
|-
| {{StatusHealthy|status= }}
| Healthy: feature is progressing as expected.
|-
| {{StatusBlocked|status= }}
| Blocked: feature is currently blocked.
|-
| {{StatusAtRisk|status= }}
| At Risk: feature is at risk of missing its targeted release.
|-
| '''ETA'''
| Estimated date for completion of the current feature task. Overall ETA for the feature is the product release date.
|}
__NOTOC__
Please remove this line and any non-relevant categories below. Add whatever other categories you feel are appropriate.
[[Category:Features]] [[Category:Firefox]] [[Category:Platform]] [[Category:Security]]
