Web SSL Certificates verified by DNSSEC-protected DNS records (DANE TLSA)

  • If I visit a https website which uses a self signed certificate and has valid TLSA Records protected by DNSSEC according to RFC-6698 and RFC-7218 (e.g. https://www.udin.ch), Opera comes up with the usual warning message because it validates against Trusted Root CAs only.

    Opera should prefer and honor DNSSEC-validated TLSA before falling back to "classic" Root CA TLS verification. This would enable everyone to use their own self-signed certificates and give a real motivation to implement DNSSEC.

Log in to reply

Looks like your connection to Opera forums was lost, please wait while we try to reconnect.