View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002526 | GNUnet | GNS | public | 2012-08-28 11:49 | 2018-06-07 00:25 |
| Reporter | Christian Grothoff | Assigned To | Christian Grothoff | ||
| Priority | urgent | Severity | feature | Reproducibility | N/A |
| Status | closed | Resolution | fixed | ||
| Product Version | Git master | ||||
| Target Version | 0.11.0pre66 | Fixed in Version | 0.11.0pre66 | ||
| Summary | 0002526: GNS proxy does not validate DANE/TLSA records | ||||
| Description | Currently, SSL-validation is still CA based. We should parse DANE records as well and use those to check X.509 certs. | ||||
| Tags | No tags attached. | ||||
| related to | 0003003 | closed | Christian Grothoff | New GNS does not properly support SRV records |
| child of | 0003038 | closed | Christian Grothoff | gnunet-gns-proxy does not properly validate SSL certificates |
|
|
With latest GnuTLS, we now theoretically support DANE records; however, serialization/deserialization and gnunet-setup support are still missing/untested. |
|
|
For ways to specify DANE/TLSA records, see also: https://forum.namecoin.info/viewtopic.php?f=5&t=1137 |
|
|
For GNS resolver support, see: https://gnunet.org/srv_in_gns (implemented in SVN 33265). |
|
|
I now think the above is actually not an ideal solution, as the DANE/TLSA record is then not included with the original result, making it hard to tell if/when such a record exists or not (timeout, delay, wait, etc.). So instead, we might want to "encapsulate" the TLSA-record in a GNS-specific "BOX" record that includes the protocol/port information and then the original SRV/TLSA record data. The BOX record could then be included with the original label, without the _FOO._BAR nonsense. |
|
|
Implemented in SVN 33592. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-08-28 11:49 | Christian Grothoff | New Issue | |
| 2012-08-28 11:49 | Christian Grothoff | Status | new => assigned |
| 2012-08-28 11:49 | Christian Grothoff | Assigned To | => schanzen |
| 2012-08-28 11:50 | Christian Grothoff | Priority | normal => urgent |
| 2012-10-07 14:14 | Christian Grothoff | Target Version | => 0.10.1 |
| 2012-12-04 15:45 | Christian Grothoff | Note Added: 0006638 | |
| 2012-12-04 15:47 | Christian Grothoff | Summary | GNS proxy does not validate DANE records => GNS proxy does not validate DANE/TLSA records |
| 2013-03-18 15:01 | Christian Grothoff | Assigned To | schanzen => |
| 2013-06-03 13:14 | Christian Grothoff | Status | assigned => confirmed |
| 2013-08-15 12:55 | Christian Grothoff | Priority | urgent => low |
| 2013-09-18 15:35 | Christian Grothoff | Relationship added | child of 0003038 |
| 2013-09-18 15:36 | Christian Grothoff | Target Version | 0.10.1 => 0.11.0pre66 |
| 2013-10-20 20:33 | Christian Grothoff | Target Version | 0.11.0pre66 => 0.10.1 |
| 2013-10-20 20:33 | Christian Grothoff | Priority | low => normal |
| 2013-10-21 23:55 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2013-10-21 23:55 | Christian Grothoff | Status | confirmed => assigned |
| 2013-10-21 23:56 | Christian Grothoff | Note Edited: 0006638 | |
| 2013-10-23 12:55 | Christian Grothoff | Assigned To | Christian Grothoff => |
| 2013-10-23 12:55 | Christian Grothoff | Status | assigned => confirmed |
| 2013-10-23 12:58 | Christian Grothoff | Target Version | 0.10.1 => 0.11.0pre66 |
| 2014-02-09 19:50 | Christian Grothoff | Target Version | 0.11.0pre66 => |
| 2014-04-11 15:10 | Christian Grothoff | Target Version | => 0.11.0pre66 |
| 2014-04-22 18:48 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2014-04-22 18:48 | Christian Grothoff | Status | confirmed => assigned |
| 2014-04-23 19:28 | Christian Grothoff | Priority | normal => urgent |
| 2014-04-24 20:49 | Christian Grothoff | Note Added: 0008271 | |
| 2014-05-13 16:52 | Christian Grothoff | Relationship added | related to 0003003 |
| 2014-05-13 17:43 | Christian Grothoff | Note Added: 0008334 | |
| 2014-05-13 17:43 | Christian Grothoff | Note Edited: 0008334 | |
| 2014-06-03 10:47 | Christian Grothoff | Note Added: 0008387 | |
| 2014-06-07 22:03 | Christian Grothoff | Note Added: 0008413 | |
| 2014-06-07 22:03 | Christian Grothoff | Status | assigned => resolved |
| 2014-06-07 22:03 | Christian Grothoff | Fixed in Version | => 0.11.0pre66 |
| 2014-06-07 22:03 | Christian Grothoff | Resolution | open => fixed |
| 2018-06-07 00:25 | Christian Grothoff | Status | resolved => closed |
