<![CDATA[Web SSL Certificates verified by DNSSEC-protected DNS records (DANE TLSA)]]>

<![CDATA[Web SSL Certificates verified by DNSSEC-protected DNS records (DANE TLSA)]]>If I visit a https website which uses a self signed certificate and has valid TLSA Records protected by DNSSEC according to RFC-6698 and RFC-7218 (e.g. https://www.udin.ch), Opera comes up with the usual warning message because it validates against Trusted Root CAs only.

Opera should prefer and honor DNSSEC-validated TLSA before falling back to "classic" Root CA TLS verification. This would enable everyone to use their own self-signed certificates and give a real motivation to implement DNSSEC.

]]>https://forums.opera.com/topic/11681/web-ssl-certificates-verified-by-dnssec-protected-dns-records-dane-tlsaRSS for NodeFri, 15 May 2026 21:12:02 GMTMon, 07 Sep 2015 10:39:53 GMT60