Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
en.osm.town is one of the many independent Mastodon servers you can use to participate in the fediverse.
An independent, community of OpenStreetMap people on the Fediverse/Mastodon. Funding graciously provided by the OpenStreetMap Foundation.

Administered by:

Server stats:

267
active users

en.osm.town: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#dane

1 post1 participant0 posts today
Public
frox

Another #prosody release and another smooth upgrade. This one's a biggie, the 0. versioning has been dropped !
There's some additions for #DANE and channel binding, which I should look into. Also more granular permissions, which will surely be useful for deployments bigger than mine.
Downtime was also short enough to not trigger the uptime monitors.
I see even the bookworm-backports package is updated. blog.prosody.im/prosody-13.0.0
#xmpp #selfhosting

blog.prosody.im · Prosody 13.0.0 released!
More from Prosody IM
Public *
Ben Royce 🇺🇦

#Denmark:

As an #American I must educate you as to recent territorial claims

The last #Dane to rule #England was Harthacnut because Edward the Confessor stole the title from his successor Magnus

Thus all governments of #Britain since then are illegitimate and Denmark is still rightful ruler of the #BritishIsles

Secondly the #AmericanRevolution was an illegal war of independence. Thus the #USA is still a territory of the #UK

Ergo, the #US is in reality owned by Denmark

Glad to clear this up

Harthacnut
Continued thread
Public *
Pixelcode 🇺🇦

#DNSSEC and #DANE should not replace the established #TLS certificate authority system, because it would undermine end-to-end encryption between client and server, but I do believe that DNSSEC/DANE serve a legitimate role: preventing #DNS spoofing by third parties, i.e. proving that a DNS record really comes from the correct name server.

And in order to keep DNS requests private, DoH/DoT/DoQ should be the default.

Replied in thread
Public
Petr Menšík :fedora:

@letoams @soatok Hmm, perhaps we could map SSH keys identity to people very similar way as OPENPGPKEY record in #DANE, but with #SSHFP instead. We could reuse the algorithm for owner name creation, just use different record. But does not match how I use my SSH keys. I have each per machine, not one per person. I think I do them how I should, right?

Public
EAS Watcher

#EAS for Columbia, #WI; #Dane, #WI; #Iowa, #WI; #Sauk, #WI: National Weather Service: #TORNADO WARNING in this area until 8:00 PM CDT. Take shelter now in a basement or an interior room on the lowest floor of a sturdy building. If you are outdoors, in a mobile home, or in a vehicle, move to the closest substantial shelter and protect yourself from flying debris. Check media. Source: NWS Milwaukee/Sullivan WI** DO NOT RELY ON THIS FEED FOR LIFE SAFETY, SEEK OUT OFFICIAL SOURCES ***

Tornado Warning - - NWS Milwaukee/Sullivan WI
Replied in thread
Public
Jan Schaumann

#SMTP Security via Opportunistic DNS-Based Authentication of Named Entities (#DANE) Transport Layer Security (TLS) is discovered using #TLSA records.

rfc-editor.org/rfc/rfc7672.htm

For SMTP, this would look like so:

$ dig +short tlsa _25._tcp.panix.netmeister.org
3 1 1 E83F02AF46A9C48613CC2793778262C6F1CF0C07C381FF1D92DCEF7C FA97750E
3 1 1 F49A707A5987F6E91ED57CEFBD513014B20129A20C454354DAFE3084 81885B9A
$

You can verify the TLSA record using 'openssl s_client':

$ openssl s_client -connect panix.netmeister.org:25 -starttls smtp \ -dane_tlsa_domain panix.netmeister.org \ -dane_tlsa_rrdata \ "3 1 1 E83F02AF46A9C48613CC2793778262C6F1CF0C07C381FF1D92DCEF7CFA97750E" \ 2>/dev/null | grep -B2 TLSA Verification: OK Verified peername: panix.netmeister.org DANE TLSA 3 1 1 ...c381ff1d92dcef7cfa97750e matched EE certificate at depth 0
ExploreLive feeds
About