Please publish DANE TLSA records for obsproject.com

[jscott0]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,
obsproject.com supports DNSSEC; that's awesome! That means you're 99% of the
way there to supporting DANE. All you have to do is publish a TLSA record.
Could you look into doing that?

Thanks
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQSiPzylvTnZ6xisfzWz9N0oYfTNugUCZDrS3QAKCRCz9N0oYfTN
utgyAPsHag2MiAFj2JEZoUdVsdRVxbP95v/ikr9VnwkuIvzZQwEAjF3Tsf4U7out
zuU1OgPDcq+Pm9KI1C1YFzHBEYwNpQM=
=t5kz
-----END PGP SIGNATURE-----

 

[R1CH]

For what purpose? DANE for HTTPS is not supported by any major browser.

 

[jscott0]

For what purpose? DANE for HTTPS is not supported by any major browser.

My personal opinion is that we're in a sort of chicken-and-egg problem. Browsers are waiting for more sites to adopt DANE before they prioritize implementing it. Adopting DANE (you've already got DNSSEC, the hard part is over!) would be making a statement that you believe it is a good technology and support alternative public key infrastructure.
Browser extensions and other tricks for DANE support do exist as crutches in the meantime. There was a time when HTTPS wasn't widely adopted, and it took one site at a time to adopt it to change that. If OBS adopts DANE, which I expect should be easy for you, then you support raising the bar on Internet security.
Also, other programs and libraries besides browsers use the website. GNU Wget (which includes a library) is merging DANE support right now.