Transport Encryption with DANE and DNSSEC

Safe Transport

TLSA RR

The administrator still needs to enter a matching TLSA RR in the signed zone of the MX. A TLSA generator [6] helps create the resource record. Anyone who has a CA-signed certificate selects the 3 , 1 radio buttons and then 1 again (Figure 2), copies the certificate into the designated input field, and then specifies how the related service is reached.

Figure 2: The TLSA generator comfortably produces TLSA RRs in the browser.

The generated output is then transferred into the zone file. The new entry for requests is available after updating the serial number and a reload. The policy is now armed. The Sys4 DANE validator [7] from email specialist Patrick Koetter helps by checking thoroughly whether the published TLS policy is without defects.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus