getdnsapi / stubby

Stubby is the name given to a mode of using getdns which enables it to act as a local DNS Privacy stub resolver (using DNS-over-TLS).
https://dnsprivacy.org/dns_privacy_daemon_-_stubby/
BSD 3-Clause "New" or "Revised" License

add RSA+ECDSA pins for rgnet-iad.anycast.censurfridns.dk node v4+v6 #275

Closed tykling closed 3 years ago

tykling commented 3 years ago

Hello :)

Just a small update to add RSA + ECDSA pins for a recently revived anycast node in Washington, USA: rgnet-iad.anycast.censurfridns.dk

Best regards and a happy new year

/Thomas

tykling commented 3 years ago

These pins have been published in the DNS as TLSA records as well, in case verification is needed :)
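
The check mentioned above, as an added example that is not part of the thread or of the Stubby project: a Stubby `sha256` pin is the base64 SHA-256 of the certificate's SubjectPublicKeyInfo, which is the same digest a TLSA record with selector 1 and matching type 1 carries in hex. The SPKI bytes, the owner name `_853._tcp.resolver.example.` and all function names are constructed for illustration.

```python
import base64
import hashlib


def make_pin(spki_der: bytes) -> str:
    """Base64 SHA-256 over the DER SubjectPublicKeyInfo, as used in a pinset value."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def pin_to_tlsa_hex(pin_b64: str) -> str:
    """Convert a base64 pin to the hex association data of a 'x 1 1' TLSA record."""
    digest = base64.b64decode(pin_b64, validate=True)
    if len(digest) != 32:
        raise ValueError("not a SHA-256 digest: %r" % pin_b64)
    return digest.hex()


def parse_tlsa(lines):
    """Collect hex digests from TLSA lines with selector 1 (SPKI), matching type 1 (SHA-256)."""
    found = set()
    for line in lines:
        fields = line.split()
        if "TLSA" not in fields:
            continue
        i = fields.index("TLSA")
        if len(fields) < i + 5:
            continue  # malformed record, skip it
        selector, mtype = fields[i + 2], fields[i + 3]  # certificate usage is not filtered
        if selector == "1" and mtype == "1":
            # presentation format may split the hex into groups and use upper case
            found.add("".join(fields[i + 4:]).lower())
    return found


def compare(pins, tlsa_lines):
    """Report which pins are backed by DNS, which are not, and which records lack a pin."""
    pinned = {pin_to_tlsa_hex(p): p for p in pins}
    published = parse_tlsa(tlsa_lines)
    return {
        "matched": sorted(p for h, p in pinned.items() if h in published),
        "pin_not_in_dns": sorted(p for h, p in pinned.items() if h not in published),
        "dns_not_pinned": sorted(published - set(pinned)),
    }


# Constructed sample data: stand-in SPKI bytes, not real keys or real DNS answers.
RSA_SPKI, ECDSA_SPKI, OLD_SPKI = b"constructed RSA", b"constructed ECDSA", b"constructed retired"
SAMPLE_PINS = [make_pin(RSA_SPKI), make_pin(ECDSA_SPKI), make_pin(OLD_SPKI)]
_ec = hashlib.sha256(ECDSA_SPKI).hexdigest().upper()
SAMPLE_TLSA = [
    "_853._tcp.resolver.example. 3600 IN TLSA 3 1 1 " + hashlib.sha256(RSA_SPKI).hexdigest(),
    "_853._tcp.resolver.example. 3600 IN TLSA 3 1 1 " + _ec[:32] + " " + _ec[32:],
]
```

A pin that lands in `pin_not_in_dns` is a candidate for a retired key; the TLSA answer itself is only trustworthy if it was DNSSEC-validated.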

ntninja commented 3 years ago

      - digest: "sha256"
        value: 97tijP/z/JpGmYN3fuWTuTYl6zYripxVOEv2V2iBa8Y=
      - digest: "sha256"
        value: 9FmNCbxBrYzAlges3DXuWICjvUSMY/vxlNSeqDleLTw=
      - digest: "sha256"
        value: Y4gU6vmrYSpNykdq0S1Po7Ar9sBFj26KAOKIcJQyoX8=
      - digest: "sha256"
        value: x72/vIQoOu7mCuu1cSbeqOZNv9u+mK/2UtKjXDi0hto=

@tykling: Are these the shut down Solido and Bornfibre nodes? Should they be removed or kept in the config?

tykling commented 3 years ago

hm, I think so, but I would have to check. This would be a lot easier if there was a comment line for each key (so digest, value, comment for each)

I will make a new PR removing the keys for the retired nodes, thanks for reminding me :)

saradickinson commented 3 years ago

@tykling thanks for trying to keep your keys up to date (and apologies for a long time since last release) - we are hoping to start a release this week, so if you need to remove some keys please do asap :-)