mod_s2s_auth_dane/README.markdown
author Kim Alvefur <zash@zash.se>
Wed, 09 Sep 2015 17:00:23 +0200
changeset 1840 5113f8ff6712
parent 1807 4d73a1a6ba68
child 1841 6a3b48eded35
permissions -rw-r--r--
mod_s2s_auth_dane/README: Bump heading levels (modules.prosody.im decreases them one step) and fix some missing spaces

---
labels:
- 'Stage-Alpha'
- 'Type-S2SAuth'
summary: S2S authentication using DANE
...

Introduction
============
This module implements DANE as described in [Using DNS Security
Extensions (DNSSEC) and DNS-based Authentication of Named Entities
(DANE) as a Prooftype for XMPP Domain Name
Associations](http://tools.ietf.org/html/draft-miller-xmpp-dnssec-prooftype).

Dependencies
============
This module requires a DNSSEC-aware DNS resolver. Prosody's internal
DNS module does not support DNSSEC. Therefore, to use this module,
a replacement is needed, such as [this
one](https://www.zash.se/luaunbound.html).

More installation instructions can be found at [Prosody with
DANE](https://www.zash.se/prosody-dane.html).

Configuration
=============
After [installing the
module](https://prosody.im/doc/installing_modules), just add it to
`modules_enabled`:

    modules_enabled = {
        -- ...
        "s2s_auth_dane"; -- enable DANE-based s2s authentication
    }

DNS Setup
=========
In order for other services to verify your site using this
plugin, you need to publish TLSA records (and they need to have this
plugin). Here's an example using `DANE-EE Cert SHA2-256` for a host
named `xmpp.example.com` serving the domain `example.com`.

    $ORIGIN example.com.
    ; Your standard SRV record
    _xmpp-server._tcp.example.com. IN SRV 0 0 5269 xmpp.example.com.
    ; IPv4 and IPv6 addresses
    xmpp.example.com. IN A 192.0.2.68
    xmpp.example.com. IN AAAA 2001:0db8:0000:0000:4441:4e45:544c:5341

    ; The DANE TLSA records. These three are equivalent; use only one of them.
    ; First, using symbolic names:
    _5269._tcp.xmpp.example.com. 300 IN TLSA DANE-EE Cert SHA2-256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
    ; Using numbers:
    _5269._tcp.xmpp.example.com. 300 IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
    ; Raw binary format, should work even with very old DNS tools:
    _5269._tcp.xmpp.example.com. 300 IN TYPE52 \# 35 030001E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
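The three equivalent TLSA forms in the zone above can be derived mechanically from the certificate, and the same routine checks a presented certificate against a published record. This Python code is an added example, not part of the module or its README. Its function names are hypothetical, and empty bytes stand in for the certificate's DER encoding: the digest in the zone above is the SHA-256 of empty input, so a real deployment must publish the digest of its own certificate.

```python
import hashlib

# Symbolic names for the TLSA fields, as used in the zone file above (RFC 7218).
USAGE = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTOR = {0: "Cert", 1: "SPKI"}
MATCHING = {0: "Full", 1: "SHA2-256", 2: "SHA2-512"}
_MATCH = {0: lambda d: d,
          1: lambda d: hashlib.sha256(d).digest(),
          2: lambda d: hashlib.sha512(d).digest()}

def tlsa_rdata(usage, selector, mtype, selected):
    """Wire-format RDATA: three one-byte fields, then the association data.
    `selected` is what the selector picks: the DER certificate (selector 0)
    or its DER SubjectPublicKeyInfo (selector 1)."""
    if usage not in USAGE or selector not in SELECTOR or mtype not in MATCHING:
        raise ValueError("unknown TLSA parameter")
    return bytes([usage, selector, mtype]) + _MATCH[mtype](selected)

def presentations(owner, ttl, rdata):
    """Symbolic, numeric and generic (TYPE52, RFC 3597) forms of one record."""
    u, s, m = rdata[:3]
    assoc = rdata[3:].hex().upper()
    return [
        f"{owner} {ttl} IN TLSA {USAGE[u]} {SELECTOR[s]} {MATCHING[m]} {assoc}",
        f"{owner} {ttl} IN TLSA {u} {s} {m} {assoc}",
        f"{owner} {ttl} IN TYPE52 \\# {len(rdata)} {rdata.hex().upper()}",
    ]

def parse_generic(text):
    """Parse '\\# <length> <hex>' back into RDATA, rejecting a length mismatch."""
    marker, length, hexdata = text.split(None, 2)
    rdata = bytes.fromhex(hexdata)
    if marker != "\\#" or int(length) != len(rdata) or len(rdata) < 4:
        raise ValueError("malformed generic RDATA")
    return rdata

def matches(rdata, selected):
    """True if `selected` (same meaning as in tlsa_rdata) matches the record."""
    return tlsa_rdata(rdata[0], rdata[1], rdata[2], selected) == rdata

# Constructed input: empty bytes stand in for the certificate's DER encoding.
# For a real certificate, pass e.g. ssl.PEM_cert_to_DER_cert(pem_text).
PLACEHOLDER_CERT_DER = b""
RECORDS = presentations("_5269._tcp.xmpp.example.com.", 300,
                        tlsa_rdata(3, 0, 1, PLACEHOLDER_CERT_DER))

if __name__ == "__main__":
    print("\n".join(RECORDS))
```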
[List of DNSSEC and DANE
tools](http://www.internetsociety.org/deploy360/dnssec/tools/)

Further reading
===============
-   [DANE TLSA implementation and operational
    guidance](http://tools.ietf.org/html/draft-ietf-dane-ops)

Compatibility
=============
Requires Prosody 0.9 or above.