When visiting a site with broken DANE validation the icon stays red
This is how my icon looks currently in one tab:
Obviously this is wrong, because if no DNSSEC is used you cannot even try to validate the TLSA entries.
So how did I get this?
- I visited https://dnscrypt.is/ and noticed that the DANE verification fails.
For some reason the error message tells me that the DNSSEC verification failed, but obviously the left icon is green and this indicates the DNSSEC verification worked correctly. So some background info: I used a DNS resolver with DNSSEC support a few seconds ago and as the resolver did not respond I switched to one without DNSSEC verification. So this confusing display might be caused by caching issues somehow.
- So the issue, which is really bad is that all sites I visited afterwards in the same tab also showed the red DANE icon even if they did not even used any DNSSEC verification.
Windows 7 FF 44.0