letsdane
letsdane copied to clipboard
buffrr
🔒 Let's DANE is an experimental way to enable the use of DANE/TLSA in browsers and other apps using a lightweight proxy.
Adds automatic Builds to DockerHub using Github Actions. Image tags used: - letsdane:latest: For all push events in `master` branch. - letsdane:_tag_: For all tagged commits, v0.5.0 tag will appear...
One issue with allowing users to trust a validating resolver over a secure channel is that the secure connection itself relies on WebPKI which takes away the advantages provided by...
Some nameservers timeout or return SERVFAIL for any record type they don't understand An example of such a server found in the wild (at the time of writing) ``` dig...
Support for digest algorithm agility is optional but it's still useful if multiple digest algorithms are present. See [RFC7671 section 9](https://tools.ietf.org/html/rfc7671#section-9)
While PKIX certificate usages are optional, for complete DANE implementation we should support DANE-TA(2). This is useful if server administrators that would like to pin self-signed CA instead of pinning...
Static Binaries for each platform can be built using: ## Linux Static Binaries for Linux can be made using the following Dockerfile (or running the commands in Dockerfile manually). ```Dockerfile...
Add ability to use a username+password combo to protect the dane proxy server.
Roughly 1 in 3 requests I make through this result in a long pause and then a timeout error. The interesting thing I've found is that while letsdane isn't responding...
I've been experimenting with using the LetsDANE http proxy to connect to a VPN server, but I end up running into errors when trying to validate SSL. (Both with and...
