Security/DNSSEC-TLS: Difference between revisions
No edit summary |
No edit summary |
||
| Line 15: | Line 15: | ||
|} | |} | ||
This set of pages documents the TLS domain validation through DNSSEC project. | This set of pages documents the TLS domain validation through DNSSEC project. These documents are currently a work in progress. There are likely many errors. | ||
== Summary == | == Summary == | ||
This | This project aims to implement domain validation in TLS sessions through use of DNSSEC chains. | ||
== Team == | == Team == | ||
| Line 34: | Line 34: | ||
== Release Requirements == | == Release Requirements == | ||
The release requirements include a fully working and well tested implementation of this feature. | |||
== Next Steps & Open Issues == | == Next Steps & Open Issues == | ||
| Line 43: | Line 43: | ||
== Related Bugs & Dependencies == | == Related Bugs & Dependencies == | ||
This feature depends on servers with the ability to send DNSSEC chains. Nginx has been modified to support this, as described in a document to come. | |||
== Risks == | == Risks == | ||
| Line 66: | Line 66: | ||
== Non-Goals == | == Non-Goals == | ||
To be updated as issues arise. | |||
== Other Stuff == | == Other Stuff == | ||
There is currently no other stuff. | |||
== Legend (remove if you like) == | == Legend (remove if you like) == | ||
Revision as of 17:39, 5 July 2011
| Feature | Status | ETA | Owner |
| DNSSEC-TLS | External implementation | 2011-09-01 | David Keeler
|
This set of pages documents the TLS domain validation through DNSSEC project. These documents are currently a work in progress. There are likely many errors.
Summary
This project aims to implement domain validation in TLS sessions through use of DNSSEC chains.
Team
Who's working on this?
- Feature Manager:
- Lead Developer: David Keeler (irc: keeler)
- Product Manager:
- QA:
- Security:
- Privacy:
Release Requirements
The release requirements include a fully working and well tested implementation of this feature.
Next Steps & Open Issues
- [ON TRACK] Complete external implementation
- [NEW] Complete in-browser implementation
Related Bugs & Dependencies
This feature depends on servers with the ability to send DNSSEC chains. Nginx has been modified to support this, as described in a document to come.
Risks
Risks are discussed in the security considerations section of the detailed design page.
Use Cases
The use case is anyone running an HTTPS server and anyone wishing to connect to that server using Firefox.
Designs
Design specifications are detailed here.
Test Plans
Test plans are here.
Goals
Implement domain validation for TLS connections using DNSSEC in Firefox. That is, in addition to sending a certificate in the TLS handshake, a server would send sufficient DNSSEC records to convince the client of its identity and establish public key material.
Non-Goals
To be updated as issues arise.
Other Stuff
There is currently no other stuff.
Legend (remove if you like)
| Healthy: feature is progressing as expected. | |
| Blocked: feature is currently blocked. | |
| At Risk: feature is at risk of missing its targeted release. | |
| ETA | Estimated date for completion of the current feature task. Overall ETA for the feature is the product release date. |
Please remove this line and any non-relevant categories below. Add whatever other categories you feel are appropriate.