www.nic.cz changed its #TLSA RR but forgot to lower TTL before doing so. #Oops
$ dig +noall +answer _443._tcp.www.nic.cz TLSA
_443._tcp.www.nic.cz. 1334 IN TLSA 3 1 1 B0C8E88EEA57269FAD2A2F05AA0E1FFCED3281525CBC7185B52924D1 61FB0D5C
And here's what the auth server says
$ dig +noall +answer @a.ns.nic.cz. _443._tcp.www.nic.cz TLSA
_443._tcp.www.nic.cz. 1800 IN TLSA 3 1 1 80D53BD4DABDDF319FE34806A80C1086DD270279F3DD87D90B9E8077 465E2BE5
Last year, all of you together executed 691,984 tests on https://Internet.nl, and we have seen many of you improving 🚀. Congrats 🎉 to all 2,929 champions, 24,535 websites and 45 hosters in the Hall of Fame 💯. Let’s keep pushing together for a better Internet in 2023!
#moderninternet #standards #ipv6 #dnssec #rpki #https #dmarc #dane #tlsa
Just realised that #HTTP3 (and #QUIC) will need proper #TLSA records when I configure it for my website (and my public resolver), i.e. I'll need to create _udp TLSA records (that node is valid for TLSA, see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#underscored-globally-scoped-dns-node-names )
Or it may be easier to use the _dane node (RFC 7671)? 🤔
e.g.
_443._tcp.www IN CNAME www._dane
_443._udp.www IN CNAME www._dane
www._dane IN TLSA...
👍 See: https://community.letsencrypt.org/t/understanding-smtp-dane-implementation-options/184274/4
For some more background info on DANE TLSA see:
- https://github.com/internetstandards/toolbox-wiki/blob/main/DANE-for-SMTP-how-to.md
- https://github.com/baknu/DANE-for-SMTP
Hope this helps.
Following the #Tesla / #Twitter rollercoaster has been very educational for me in terms of learning about the #StockMarket.
Yesterday, I watched the #TLSA stock price gyrate like a drowning man coming up for air & wondered who were desperate enough to buy? Turns out the South Koreans are - and with good reason.
Tesla’s Drop Puts $157 Million Korea #StructuredProducts at Risk | #SouthKorea
https://www.msn.com/en-us/money/other/teslas-drop-puts-dollar157-million-korea-structured-products-at-risk/ar-AA15KVje
PSA: #LetsEncrypt is rotating intermediate #TLS certs, so if you are publishing #DANE #TLSA assertions in #DNSSEC, update them accordingly.
Announcement: https://letsencrypt.org/2020/09/17/new-root-and-intermediates.html
DANE-TA details: http://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html
For everyone who finds the 3-month renewal of Let's Encrypt certificates a nuisance when it comes to TLSA records, I have had a revelation, admittedly a late one.
All I have to do is:
- always use the same Certificate Request for the renewal.
- use 'selector' 1 in the TLSA so that only the public key appears in it, and not the whole certificate (selector 0 by default)
And there you go.
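The renewal approach in the post above, as an added example that is not part of the original post: it computes DANE-EE TLSA data for selector 0 and selector 1 from DER bytes and compares a certificate with its renewal. The inputs are constructed DER skeletons shaped like X.509 (the helpers `der` and `fake_cert` and the names `SAME_KEY`, `OLD_CERT`, `NEW_CERT` are hypothetical), not real certificates.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, tlv_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_der(cert):
    """Slice the complete SubjectPublicKeyInfo element out of a DER certificate."""
    _, pos, _ = read_tlv(cert, 0)      # Certificate ::= SEQUENCE
    _, pos, _ = read_tlv(cert, pos)    # TBSCertificate ::= SEQUENCE
    tag, _, after = read_tlv(cert, pos)
    if tag == 0xA0:                    # optional explicit [0] version
        pos = after
    for _ in range(5):                 # serial, signature alg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    return cert[pos:read_tlv(cert, pos)[2]]

def tlsa_rdata(cert, selector, mtype=1):
    """RDATA for usage 3 (DANE-EE); selector 0 = whole cert, 1 = public key only."""
    data = cert if selector == 0 else spki_der(cert)
    digest = {1: hashlib.sha256, 2: hashlib.sha512}[mtype](data).hexdigest()
    return f"3 {selector} {mtype} {digest.upper()}"

# --- constructed input: DER skeletons shaped like X.509, not real certificates ---
def der(tag, body):
    nb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    size = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(nb)]) + nb
    return bytes([tag]) + size + body

def fake_cert(serial, not_after, spki):
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + der(0x30, b"") + der(0x30, b"") + der(0x30, der(0x17, not_after))
              + der(0x30, b"") + spki)
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00" + bytes([serial]) * 8))

SAME_KEY = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + bytes(range(150))))
OLD_CERT = fake_cert(1, b"230401000000Z", SAME_KEY)
NEW_CERT = fake_cert(2, b"230701000000Z", SAME_KEY)  # renewal reusing the same key

if __name__ == "__main__":
    for sel in (0, 1):  # selector 0 differs after renewal, selector 1 does not
        print(tlsa_rdata(OLD_CERT, sel), "|", tlsa_rdata(NEW_CERT, sel))
```

With a real certificate, pass its DER bytes to `tlsa_rdata`; the selector 1 value stays the same only while renewals keep the same key pair.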