[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: wget2 | DANE support (#627)
|
From: |
John Scott (@j0hns) |
|
Subject: |
Re: wget2 | DANE support (#627) |
|
Date: |
Mon, 10 Apr 2023 17:53:14 +0000 |
John Scott commented on a discussion:
https://gitlab.com/gnuwget/wget2/-/issues/627#note_1347170492
Sure, one good example is any of Debian's services; debian.org is a good
example. Here is `dig` output on my machine that shows their certificate
fingerprint:
```
$ dig -t TLSA _443._tcp.debian.org
;; +unexpected option is deprecated
; <<>> DiG 9.18.12-1-Debian <<>> -t TLSA _443._tcp.debian.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15705
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; ANSWER SECTION:
_443._tcp.debian.org. 600 IN TLSA 3 1 1 (
5F33491E2B2D267F7BFF096AD0DCB4AE5A22C0BE19DB
0AB6728BED942F0719FC )
```
Notice the `ad` flag: that means my machine was able to validate the DNSSEC
signature on the DNS record. A `--dane` option to the command-line tool sounds
perfect.
--
Reply to this email directly or view it on GitLab:
https://gitlab.com/gnuwget/wget2/-/issues/627#note_1347170492
You're receiving this email because of your account on gitlab.com.
Re: wget2 | DANE support (#627), @rockdaboot, 2023/04/15
Re: wget2 | DANE support (#627), @rockdaboot, 2023/04/23
Re: wget2 | DANE support (#627), @rockdaboot, 2023/04/23