dnssec-validator issueshttps://gitlab.nic.cz/labs/dnssec-validator/-/issues2017-11-17T22:57:27+01:00https://gitlab.nic.cz/labs/dnssec-validator/-/issues/4MF: Sign the add-on2017-11-17T22:57:27+01:00Martin StrakaMF: Sign the add-onhttps://developer.mozilla.org/en/XUL_School/Setting_Up_a_Development_Environment#Signing_extensionshttps://developer.mozilla.org/en/XUL_School/Setting_Up_a_Development_Environment#Signing_extensionson the back burnerMartin StrakaMartin Strakahttps://gitlab.nic.cz/labs/dnssec-validator/-/issues/27test whether type 0 and 2 really uses CA store2017-11-17T22:57:27+01:00Karel Slanýtest whether type 0 and 2 really uses CA storeWhen using type 0 and 2 certificates then the certificate chain should be successfully completed/verified using the system's CA store.
If such certificate chain could not be verified using the system CA store then the validator should...When using type 0 and 2 certificates then the certificate chain should be successfully completed/verified using the system's CA store.
If such certificate chain could not be verified using the system CA store then the validator should return a description informing about the condition.
NOTE: Is it possible to successfully validate the certificate chain using DANE even if it does not verify when using system CA store?https://gitlab.nic.cz/labs/dnssec-validator/-/issues/46MF: nsICache has been removed2017-11-17T22:57:27+01:00Martin StrakaMF: nsICache has been removedhttp://www.janbambas.cz/http-cache-v1-api-disabled/
https://developer.mozilla.org/cs/docs/HTTP_Cache
commit c286e317951e144bd31e33e1e6c173d9a0f9a00fhttp://www.janbambas.cz/http-cache-v1-api-disabled/
https://developer.mozilla.org/cs/docs/HTTP_Cache
commit c286e317951e144bd31e33e1e6c173d9a0f9a00fon the back burnerMartin StrakaMartin Strakahttps://gitlab.nic.cz/labs/dnssec-validator/-/issues/47CRITICAL! - Firefox somtimes crashes when "DNSSEC/TLSA Validator" extension ...2017-11-17T22:57:27+01:00kolAflashCRITICAL! - Firefox somtimes crashes when "DNSSEC/TLSA Validator" extension is installedFirefox sometimes crashes when extension is installed.
I followed these instructions and completely deleted the extension, restarted Firefox, deleted all "extensions.dnssec.*" keys in "about:config" and restarted again before installi...Firefox sometimes crashes when extension is installed.
I followed these instructions and completely deleted the extension, restarted Firefox, deleted all "extensions.dnssec.*" keys in "about:config" and restarted again before installing version 2.1.2 of the " DNSSEC/TLSA Validator" extension.
https://addons.mozilla.org/de/firefox/addon/dnssec-validator/#detail-relnotes
Software used:
OS: openSUSE 13.1 Linux (x86_64)
Firefox version 32.0 by openSUSE (x86_64)
DNSSEC/TLSA Validator version 2.1.2 (also tried version 2.2.0.1)
Another reports:
1) I've recently had to disable DNSSEC/TLSA validator (v2.2.0.1) when running in Firefox 36.0.4 'cos it seems to cause FF to repeatedly crash. Some more detail: I looked at page "about:crashes" in Firefox and picked out a couple of crash reports - the most recent and one a week ago. What they had in common was the crash reason: EXCEPTION_ACCESS_VIOLATION_READ, and the following dll highlighted in red as a possible culprit: libDNSSECcore-WINNT-x86.dll. I guessed that this might be used by the FF plugin DNSSEC/TLSA validator (v2.2.0.1). So disabled that plugin. Firefox then stopped crashing. Are the developers maintaining this plugin? If so, will they address this problem? I should say, that when the plugin worked, it was of little use to me - so turning it off was no sacrifice.
2) DNSSEC/TLSA Validator 2.2.0.1 Addon for Firefox browser causes a Firefox (version 36.0) crash if You close Firefox before a web page is fully loaded. It's always a plugin-container error.
2.3.0Karel SlanýKarel Slanýhttps://gitlab.nic.cz/labs/dnssec-validator/-/issues/48OS X chromium plugin scripts (tlsa and dnssec) fail to install their respecti...2017-11-17T22:57:27+01:00Ghost UserOS X chromium plugin scripts (tlsa and dnssec) fail to install their respective coresThis issue affects both tlsa and dnssec installation scripts.
Browsers installed:
- Google Chrome (stable) 37.0.2062.124
- Google Chrome Canary 40.0.2173.0
- Chromium (stable) 37.0.2062.124 (281580)
Platform:
- 10.9.5 (13F3...This issue affects both tlsa and dnssec installation scripts.
Browsers installed:
- Google Chrome (stable) 37.0.2062.124
- Google Chrome Canary 40.0.2173.0
- Chromium (stable) 37.0.2062.124 (281580)
Platform:
- 10.9.5 (13F34)
Usage:
mkdir $TMPDIR/dnssec-validator-tmp
cd $TMPDIR/dnssec-validator-tmp
curl -LsO https://secure.nic.cz/files/dnssec-validator/2.2.0/dnssec-plugin-2.2.0.x-macosx.sh
chmod +x dnssec-plugin-2.2.0.x-macosx.sh
./dnssec-plugin-2.2.0.x-macosx.sh
Result:
Cannot install chromium extension on OS X.
A CRX file has been created in the current directory.
-n You may now install the file '/var/folders/z3/dwlmgt356wv9gyshgyyvd3bw0000gn/T/jjj/dnssec-pkg.crx' into those browsers:
-n 'Google Chrome'
-e 1) Run the browser.
-e 2) Open the page chrome://extensions/ .
-e 3) Drag and drop the CRX file into the page and accept the notification.
-e 4) Restart the browser.
Installing the resulting CRX and restarting the browser (for example, Opera) the settings pane always displays the following error:
The DNSSEC validating core could not be initialised. Please install the DNSSEC validating core in the version matching this extension and then restart your browser.
This seems to indicate the core was not installed, however it is unclear what did or did not happen.
(Minor note: `-e` and `-n` output are bashishms)2.3.0Karel SlanýKarel Slanýhttps://gitlab.nic.cz/labs/dnssec-validator/-/issues/50Better warning on validation failure2017-11-17T22:57:26+01:00Ghost UserBetter warning on validation failureIt would be nice if there would be an option to have a proper warning on DNSSEC/TLSA validation failure.
The icons can be easily overlooked.
Some kind of a confirmation dialog requiring explicit user input before allowing the user to d...It would be nice if there would be an option to have a proper warning on DNSSEC/TLSA validation failure.
The icons can be easily overlooked.
Some kind of a confirmation dialog requiring explicit user input before allowing the user to do anything else would be great.2.3.0https://gitlab.nic.cz/labs/dnssec-validator/-/issues/51AS: plugin's NPAPI methods can not be loaded in Safari 8.0 - OS X Yosemite2017-11-17T22:57:26+01:00Martin StrakaAS: plugin's NPAPI methods can not be loaded in Safari 8.0 - OS X YosemiteMay be: Safari 8.0 has bug with loading of NAPAI modules. More info is here.
https://forums.lastpass.com/viewtopic.php?f=7&t=148265&p=496215&hilit=NPAPI
Based on the last info, Safari 8.x and latest does not support NPAPI. The supp...May be: Safari 8.0 has bug with loading of NAPAI modules. More info is here.
https://forums.lastpass.com/viewtopic.php?f=7&t=148265&p=496215&hilit=NPAPI
Based on the last info, Safari 8.x and latest does not support NPAPI. The support for this browser will be stopped.
GOOD NEW: The support for this browser will be continuous.
on the back burnerMartin StrakaMartin Strakahttps://gitlab.nic.cz/labs/dnssec-validator/-/issues/52both `dnssec-plug` and `dane-plug` shouldn't fallback to root servers2017-08-23T10:32:07+02:00Marek Seberaboth `dnssec-plug` and `dane-plug` shouldn't fallback to root serversI use plugins along with Unbound as my system resolver.
Going to https://bad-sig.dane.verisignlabs.com/ will first try to resolve it through set resolver, and if it fails, it tries again by connecting to root NS (root-servers.net)
...I use plugins along with Unbound as my system resolver.
Going to https://bad-sig.dane.verisignlabs.com/ will first try to resolve it through set resolver, and if it fails, it tries again by connecting to root NS (root-servers.net)
There should be option to disable the extension, to use other than set resolver (then it can be used to test system resolver settings)
Issue exists in both binaries (dnssec-plug and dane-plug)
My system is Chrome Canary (version 40), OSX 10.9.5 2.3.0https://gitlab.nic.cz/labs/dnssec-validator/-/issues/53Issues with SNI?2017-08-23T10:32:07+02:00Ghost UserIssues with SNI?I have two websites on the same IP using SNI, both secured with DNSSEC and different TLSA records.
Also the TTL for the A record is only 10s.
Using Firefox, most of the time everything works and both icons show green. However sometim...I have two websites on the same IP using SNI, both secured with DNSSEC and different TLSA records.
Also the TTL for the A record is only 10s.
Using Firefox, most of the time everything works and both icons show green. However sometimes if I had the first page open for a while then open the other I get a red icon for the TLSA record. However all links on the page work fine (I selected to block if TLSA record is wrong)
Just doing a refresh in the browser does not help.
Closing the brower and opening it again shows both as green again, so it probably is caching something and maybe not using the name but the IP somehow?
The pages in question (slow upstream, be gentle... :-)
* https://k8n.de
* https://chinesisch123.de
on the back burnerhttps://gitlab.nic.cz/labs/dnssec-validator/-/issues/55Plugin isn't detected by Chrome2017-08-23T10:32:07+02:00Jiří AdámekPlugin isn't detected by ChromeDNSSEC and TLSA plugins are not detected by Chrome when a user has restricted rights in Windows (non administrator). OS: Windows 8.1 64-bit.DNSSEC and TLSA plugins are not detected by Chrome when a user has restricted rights in Windows (non administrator). OS: Windows 8.1 64-bit.