text updates to dane
This commit is contained in:
parent
ba69699998
commit
82f207b6d7
|
@ -19,7 +19,7 @@
|
|||
=> /~tomasino/journal/20211102-freedom.gmi 2021-11-02 Freedom
|
||||
=> /~tomasino/journal/20211103-making-gemini-easy.gmi 2021-11-03 Making Gemini Easy
|
||||
=> /~tomasino/journal/20211227-gemini-input.gmi 2021-12-27 Gemini Inputs
|
||||
=> /~tomasino/journal/20220214-dane-and-tls.gmi DANE and TLS
|
||||
=> /~tomasino/journal/20220214-dane-and-tls.gmi 2022-02-14 DANE and TLS
|
||||
|
||||
## Role Playing Games
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
Last year I wrote a post on gemini about gemini (ICK) musing over ways to improve TOFU trust and lend some extra credibility to TLS usage as an actual protective mechanism and not just security theater. I shared thoughts based on my experience with SSHFP which did something similar. Some recent gemlog content has brought this back top of mind, so I thought it appropriate to expand and follow up on the idea.
|
||||
|
||||
=> SSHFP and the TOFU issue /~tomasino/journal/20210331-sshfp-and-the-tofu-issue.gmi
|
||||
=> /~tomasino/journal/20210331-sshfp-and-the-tofu-issue.gmi SSHFP and the TOFU issue
|
||||
|
||||
In my ignorance I completely missed the existence of a more appropriate solution than SSHFP: DANE.
|
||||
|
||||
|
@ -28,6 +28,10 @@ And here's some python showing how to do the verification:
|
|||
And here's a little guide on how DANE TLSA records can be checked and created for email. Just substitute 1965 instead of 25 and you're golden. This example also uses LetsEncrypt. Normally that's a PITA because people need to keep reapproving your cert every few months, but if we start building DANE checking into our clients that problem goes away.
|
||||
=> https://blogs.linux.pizza/deploy-tlsa-records-dane-on-your-email-server-with-lets-encrypt Deploy TLSA Records (DANE) on your Email Server with Let's Encrypt
|
||||
|
||||
UPDATE:
|
||||
|
||||
I've updated cosmic.voyage with a TLSA/DANE record. If you're looking to build lookup functionality into your client you can feel free to use it for testing.
|
||||
|
||||
|
||||
Originally Published 2022-02-14 at:
|
||||
gemini://tilde.team/~tomasino/journal/20220214-dane-and-tls.gmi
|
||||
|
|
|
@ -23,4 +23,4 @@
|
|||
=> /~tomasino/journal/20211102-freedom.gmi 2021-11-02 Freedom
|
||||
=> /~tomasino/journal/20211103-making-gemini-easy.gmi 2021-11-03 Making Gemini Easy
|
||||
=> /~tomasino/journal/20211227-gemini-input.gmi 2021-12-27 Gemini Inputs
|
||||
=> /~tomasino/journal/20220214-dane-and-tls.gmi DANE and TLS
|
||||
=> /~tomasino/journal/20220214-dane-and-tls.gmi 2022-02-14 DANE and TLS
|
||||
|
|
Loading…
Reference in New Issue