Enhancement #461

Prepare TLSA rollover tools

Added by Marc Dequènes almost 4 years ago. Updated about 2 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Service :: DNS
Start date: 2015-07-12
Due date:
% Done: 0%
Patch Available:
Confirmed: No
Branch:
Entity: DuckCorp
Security:
Help Needed:

Description

Currently tools are able to publish TLSA, but this does not allow rollovers.

We need to upgrade the process/script to publish the new records while keeping the previous records for a certain time, which means we need to memoize when each was published, and have some automated way of removing the old one.

In this process we need to pre-publish, which means installing the new certificate later. So we need to act in advance, before the previous one expires.
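
A sketch of the rollover step described above, added here as an illustration and not taken from the DuckCorp tools: each scheduled run decides whether to pre-publish the next TLSA record, wait for caches, install the new certificate, or prune a retired record. The names (`Tlsa`, `rollover_step`), the two-TTL wait before installing, and the placeholder rdata strings are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

@dataclass
class Tlsa:
    rdata: str                          # constructed placeholder, not a real digest
    published: datetime                 # memoized publication time
    retired: Optional[datetime] = None  # set when its certificate left the server

def rollover_step(records: List[Tlsa], deployed: str, next_rdata: str,
                  cert_expiry: datetime, now: datetime, lead: timedelta,
                  ttl: timedelta, keep: timedelta) -> Tuple[List[Tlsa], str]:
    """Return (records to publish, action) for one scheduled run.

    deployed / next_rdata identify the certificate currently served and the
    one prepared to replace it; they are equal once the rollover is done.
    """
    # Automated cleanup: drop records retired for at least `keep`.
    records = [r for r in records
               if r.retired is None or now - r.retired < keep]
    by_rdata = {r.rdata: r for r in records}
    if deployed == next_rdata:
        return records, "idle"
    nxt = by_rdata.get(next_rdata)
    if nxt is None:
        # Act in advance: pre-publish once expiry is within `lead`.
        if cert_expiry - now > lead:
            return records, "idle"
        records.append(Tlsa(next_rdata, now))
        return records, "pre-publish"
    # Assumed safety margin: resolvers may cache the old RRset for one TTL,
    # so wait two TTLs before serving the new certificate.
    if now - nxt.published < 2 * ttl:
        return records, "wait"
    # The old record stays published; only its retirement time is memoized.
    by_rdata[deployed].retired = now
    return records, "install-certificate"
```

After an `install-certificate` result the caller installs the new certificate and passes the new rdata as `deployed` on later runs, which then only prune.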

History

#1 Updated by Marc Dequènes about 2 years ago

  • Priority changed from High to Normal

TLSA was getting integrated into Chrome, and plugins were developed but all these initiatives seem to have stopped, see:

So maybe some hope in the MOSS project for Firefox, but not for today.

I'm then lowering the priority of this BR.
