diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-11-08 23:08:46 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-11-08 23:08:46 +0100 |
| commit | d3af4aada3a0f170535a2f90e2ec3121b34b9a85 (patch) | |
| tree | fcd7acd34d00b86528b4429c2c28cee1c3bd968b /doc | |
| parent | 3a7a9116a5ac1dd8fdb45ab90b6f86e6fcd10bb8 (diff) | |
| download | gnutls-d3af4aada3a0f170535a2f90e2ec3121b34b9a85.tar.gz | |
doc update
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/cha-cert-auth.texi | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi index 168b10639a..6b9c85d528 100644 --- a/doc/cha-cert-auth.texi +++ b/doc/cha-cert-auth.texi @@ -498,7 +498,9 @@ provide an alternative public key infrastructure to the commercial CAs that are typically used to sign TLS certificates. The DANE protocol takes advantage of the DNSSEC infrastructure to verify TLS certificates. This can be in addition to the verification by CA infrastructure or -could even replace it where DNSSEC is deployed. +may even replace it where DNSSEC is fully deployed. Note however, that DNSSEC deployment is +fairly new and it would be better to use it as an additional verification +method rather than the only one. The DANE functionality is provided by the @code{libgnutls-dane} library that is shipped with GnuTLS and the function prototypes are in @code{gnutls/dane.h}. |