-
The current default SSL security policy of the `monero-wallet-cli` and `monero-wallet-rpc` is to autodetect whether the daemon RPC has SSL enabled. A root-CA check against the domain is attempted, but…
-
Looks like it stems from `ldns-signzone` breaking when trying to parse CAA records. The solution right now is to correct the records in `/etc/nsd/zones/` and run `ldns-signzone` manually, then deleti…
-
Hi,
thanks for swede - the nic.cz dnssec/tlsa firefox plugin is nice, but I also needed something for the command line, so swede came to the rescue.
However, when wrapping it into a monitoring check…
df7cb updated
10 years ago
-
Issues to explore/resolve. Some of these might require an "ask" from IETF and/or W3C
1. DNS record types to support high assurance DIDs
DID (_did) type for specifying did:methods to invoke oth…
-
Based on our meeting this morning, I have generalized the configuration for issuers. The record for each issuer now is
```bash
{"domain": "trustroot.ca", "typ": "dns/did", "alg": "secp256k1","privke…
-
From Viktor:
" I'm not sure what purpose the last paragraph of section 3 is
intended to serve:
Obviously, an authentication chain will be most compact and easiest
to verify if each RRset has …
-
**Description**
Running on open-source software and supported by SSE, [deSEC](https://desec.io/) is free for everyone to use.
**Example**
DNSSEC
DNS information hosted with deSEC is signed u…
-
Transport security in SMTP world is merely Opportunistic, there is no practice like in the Web to always require encryption with matching DNS-ID and trusted certificate. Additionally, things get compl…
-
For DANE
-
When testing my domain (that has DNSSEC, but not TLSA records), I get a Python error at line 404 of dane_checker.py:
=> 404 if n.endswith("."): n = n[0:-1]
n = b'mail', n.endswith =
TypeE…