home.social

#rfc7672 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #rfc7672, aggregated by home.social.

  1. DANE (RFC 7672) publishes your mail server's TLS certificate fingerprint as a TLSA record in DNSSEC-signed DNS.

    no certificate authority trust chain required. the trust anchor is DNS itself.

    ```
    _25._tcp.mail.yourdomain.com. IN TLSA 3 1 1 <SHA-256 hash>
    ```

    the prerequisite: your domain must be DNSSEC-signed.

    without DNSSEC, DANE records can be spoofed, which defeats the purpose.

    dmarcguard.io/tools/dane-check

    #DMARC #EmailSecurity #DANE #DNSSEC #RFC7672 #TLS
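
The `3 1 1` in the record above selects DANE-EE (usage 3), the SubjectPublicKeyInfo (selector 1) and SHA-256 (matching type 1), so the hash covers the server's public key structure. The following is an added example, not part of the post or of the tool it links, that builds and checks such a record; it also accepts selector 0 and matching types 0 and 2, and `CERT`, `SPKI`, `TBS`, `_der` and the function names are constructed for illustration.

```python
import hashlib

def _tlv(buf, pos):  # -> (tag, value_start, end) of the DER element starting at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_from_cert(cert_der):
    """Slice the DER SubjectPublicKeyInfo out of a DER X.509 certificate."""
    _, pos, _ = _tlv(cert_der, 0)      # enter Certificate
    _, pos, _ = _tlv(cert_der, pos)    # enter tbsCertificate
    tag, _, end = _tlv(cert_der, pos)
    if tag == 0xA0:                    # optional [0] version field
        pos = end
    for _ in range(5):                 # serial, signature, issuer, validity, subject
        pos = _tlv(cert_der, pos)[2]
    return cert_der[pos:_tlv(cert_der, pos)[2]]

MATCHING = {0: bytes, 1: lambda b: hashlib.sha256(b).digest(),
            2: lambda b: hashlib.sha512(b).digest()}

def tlsa_matches(rdata, cert_der):
    """Compare TLSA RDATA ('usage selector mtype hex') with the server's leaf certificate."""
    fields = rdata.split()
    usage, selector, mtype = map(int, fields[:3])
    if usage != 3:                     # example covers DANE-EE(3) only, as in the post
        raise ValueError("only usage 3 (DANE-EE) is handled here")
    if selector not in (0, 1) or mtype not in MATCHING:
        raise ValueError("unknown selector or matching type")
    selected = cert_der if selector == 0 else spki_from_cert(cert_der)
    return MATCHING[mtype](selected) == bytes.fromhex("".join(fields[3:]))

def tlsa_311(cert_der):
    """Build the RDATA of a '3 1 1' record: SHA-256 over the SubjectPublicKeyInfo."""
    return "3 1 1 " + hashlib.sha256(spki_from_cert(cert_der)).hexdigest()

def _der(tag, *parts):                 # short-form encoder for the constructed sample
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

# Constructed sample: certificate skeleton, Ed25519-shaped SPKI with made-up key bytes.
SPKI = _der(0x30, _der(0x30, _der(0x06, b"\x2b\x65\x70")), _der(0x03, b"\x00" + bytes(range(32))))
TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")), _der(0x02, b"\x01"), *[_der(0x30)] * 4, SPKI)
CERT = _der(0x30, TBS, _der(0x30), _der(0x03, b"\x00"))

if __name__ == "__main__":
    print("_25._tcp.mail.example.com. IN TLSA", tlsa_311(CERT))
```

Because selector 1 hashes only the key, a `3 1 1` record keeps matching after the certificate is reissued with the same key pair, while a `3 0 1` record has to be republished on every reissue.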
