Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
social.tchncs.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
A friendly server from Germany – which tends to attract techy people, but welcomes everybody. This is one of the oldest Mastodon instances.

Administered by:

Server stats:

3.9K
active users

social.tchncs.de: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.6

Public
Pixelcode 🇺🇦

I don't fully understand criticism yet: A major argument against it is that it's a “government-controlled PKI” and that, for example, “Gaddafi would have controlled bit.ly’s TLS keys if it had been deployed earlier”.

But isn't that a strawman? If a bad actor controls DNSSEC, they control all the other records too, i.e. the government can always point domains wherever they like and obtain valid certificates. The Taliban closed down queer.af completely without DNSSEC.

Pixelcode 🇺🇦

and should not replace the established certificate authority system, because it would undermine end-to-end encryption between client and server, but I do believe that DNSSEC/DANE serve a legitimate role: preventing spoofing by third parties, i.e. proving that a DNS record really comes from the correct name server.

And in order to keep DNS requests private, DoH/DoT/DoQ should be the default.

Nov 17, 2024, 02:40 PM·Public·Phanpy
0boosts·3favorites
ExploreLive feeds
About