DANE support
-
Hey you guys, there's a new open standard out there and it's called DANE. It aims to realize SSL/TLS encryption without the Certification Authorities.
Doing this, it can harden our everyday encryption and make the work of the NSA, GCHQ and so on a bit harder. I would love to see Vivaldi support it as one of the leading web browsers out there.
It's maybe a bit early to propose this feature, but I just wanted to throw it in. Greetings, asyncial.
P.S: Support in the vivaldi.net mail servers would be great, too
modedit fixed link, shortened title
-
Any news about this guys?
-
@army1349 That could be a significant effort. The referenced Wikipedia article mentioned that in 2012 the Chromium team had security concerns about how the encryption for DNSSEC was deployed, we'd need to investigate if they're still relevant today. We want to complete other big milestones with Vivaldi services first before considering this.
-
@gaelle I think DNSSEC is considered pretty solid nowadays. Strength of the root signing key was increased to 2048-bit RSA in 2016. I hope it will come to this. It could mean end of CA craziness (CT, CRL, OCSP) and put site owners in control.
-
@army1349 FYI, it doesn't look like the Chromium team will be adding support for this anytime soon: https://crbug.com/914519
-
@xyzzy Yeah, I don't expect they will.
Is there a reasonable way to bypass Chromium and add this directly to Vivaldi? -
The only extension to add DANE/TLS support has ended development
https://www.dnssec-validator.cz/
I have been asking for this code to be integrated into the browser for several years, as it;
a) would avoid the problems the extension developers faced
b) make Vivaldi a world leader in secure authenticated browsingHowever as votes are what get features added, not importance, don't expect to see this ability until the choice is taken away and it is forced on all browsers.
-