You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be really nice to have TLSA/DANE (RFC 6698) support in tlsdate. As tlsdate is connecting to a remote side, it would be nice to have some authentication mechanism to protect against DNS spoofing. Because tlsdate is doing https, TLSA/DANE is already a "good" solution.
If tlsdate does DANE, it can refuse to set the local time, if the remote (foreign) server was not authenticated with a valid TLSA fingerprint.
The text was updated successfully, but these errors were encountered:
It would be really nice to have TLSA/DANE (RFC 6698) support in tlsdate. As tlsdate is connecting to a remote side, it would be nice to have some authentication mechanism to protect against DNS spoofing. Because tlsdate is doing https, TLSA/DANE is already a "good" solution.
If tlsdate does DANE, it can refuse to set the local time, if the remote (foreign) server was not authenticated with a valid TLSA fingerprint.
The text was updated successfully, but these errors were encountered: