repo: tlsa
TODO:
[ ] load the TOFU certs
[ ] remove a lot of stuff?
[ ] figure out how to get all the needed checks and fallbacks while only making one connection to the server.

what to do if:

      \ DNSSEC
  TLSA \  good |  bad | gone
  ------+------+------+------
   good |   a  |   b  |   c
  ------+------+------+------
    bad |   d  |   e  |   f
  ------+------+------+------
   gone |   g  |   h  |   i

     DNSSEC | TLSA |
  a: good   | good | best situation. connect happily.
  b: bad    | good | but TLSA is good... reject.
  c: gone   | good | TLSA is present and good. maybe accept but warn?
  d: good   | bad  | TLSA is bad. reject.
  e: bad    | bad  | obviously reject.
  f: gone   | bad  | reject.
  g: good   | gone | accept but warn?
  h: bad    | gone | reject.
  i: gone   | gone | accept because most servers are this way.

so, it looks like...:

  if DNSSEC == good and TLSA == good:
      accept
  else if DNSSEC == bad or TLSA == bad:
      reject
  else:
      warn, but accept
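
Added example (not code from the tlsa repo): the three-branch rule checked against all nine cases a..i, to show where the two disagree. The names State, Verdict, CASES, decide, disagreements and covers_all_pairs are hypothetical; cases c and g, which the notes leave as questions, are assumed to mean "warn, but accept"; rejecting unrecognised input is an addition.

```python
from enum import Enum
from itertools import product

class State(Enum):
    GOOD = "good"
    BAD = "bad"
    GONE = "gone"

class Verdict(Enum):
    ACCEPT = "accept"
    WARN = "warn, but accept"
    REJECT = "reject"

G, B, X = State.GOOD, State.BAD, State.GONE
# Cases a..i from the notes as (DNSSEC, TLSA, verdict).
# Assumption: the open questions in c and g are recorded as WARN.
CASES = {
    "a": (G, G, Verdict.ACCEPT),
    "b": (B, G, Verdict.REJECT),
    "c": (X, G, Verdict.WARN),
    "d": (G, B, Verdict.REJECT),
    "e": (B, B, Verdict.REJECT),
    "f": (X, B, Verdict.REJECT),
    "g": (G, X, Verdict.WARN),
    "h": (B, X, Verdict.REJECT),
    "i": (X, X, Verdict.ACCEPT),
}

def decide(dnssec, tlsa):
    """The collapsed three-branch rule from the notes."""
    if not isinstance(dnssec, State) or not isinstance(tlsa, State):
        return Verdict.REJECT  # added: fail closed on unrecognised input
    if dnssec is State.GOOD and tlsa is State.GOOD:
        return Verdict.ACCEPT
    if State.BAD in (dnssec, tlsa):
        return Verdict.REJECT
    return Verdict.WARN

def disagreements():
    """Case letters where the rule and the per-case notes differ."""
    return sorted(k for k, (d, t, v) in CASES.items() if decide(d, t) is not v)

def covers_all_pairs():
    """True when the nine cases cover every (DNSSEC, TLSA) combination."""
    return {(d, t) for d, t, _ in CASES.values()} == set(product(State, State))

if __name__ == "__main__":
    print("all combinations covered:", covers_all_pairs())
    print("rule differs from notes in case(s):", disagreements())
```

The only mismatch is case i: the notes accept gone/gone outright, while the rule's final branch warns.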