Eugen Rochko

@kravietz @selea Can you elaborate on what you want from that feature and how you imagine it working?

kravietz 🦇

@Gargron @selea

On each attempt to connect to a federated instance:

1) check presence of TLSA record in DNS for _xxx._tcp.host.example.com where _xxx is the target port number used by Mastodon/Matrix
2) get the hash from the TLSA record
3) when TLS connection is established, verify the TLSA hash against the certificate actually received

Details en.wikipedia.org/wiki/DNS-base

kravietz 🦇

@Gargron @selea

Oh and 0) check if DNS response is DNSSEC-authenticated

For Synapse I can actually come up with a PR as it's Python, not sure about Mastodon.
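
Steps 0 to 3 from the two posts above, sketched in Python as an added example; it is not part of the thread and is not Synapse or Mastodon code. Assumptions: `ad_flag` is the DNSSEC "authenticated data" result from a validating resolver you trust, the certificate and SubjectPublicKeyInfo DER bytes come from the live TLS session, only usage 3 (DANE-EE) records are evaluated, and all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
from typing import NamedTuple

class TLSA(NamedTuple):
    usage: int     # 3 = DANE-EE (pins the server's own certificate)
    selector: int  # 0 = whole certificate, 1 = SubjectPublicKeyInfo
    mtype: int     # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes

def tlsa_owner(host: str, port: int) -> str:
    """Name to query in step 1, e.g. _443._tcp.host.example.com."""
    return f"_{port}._tcp.{host.rstrip('.')}."

def parse_tlsa(rdata: str) -> TLSA:
    """Step 2: parse presentation format 'usage selector mtype hex...'."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("TLSA rdata needs four fields")
    usage, selector, mtype = (int(f) for f in fields[:3])
    return TLSA(usage, selector, mtype, bytes.fromhex("".join(fields[3:])))

def record_matches(rec: TLSA, cert_der: bytes, spki_der: bytes) -> bool:
    """Step 3 for one record; unknown selector or mtype never matches."""
    selected = {0: cert_der, 1: spki_der}.get(rec.selector)
    hashers = {0: lambda b: b, 1: lambda b: hashlib.sha256(b).digest(),
               2: lambda b: hashlib.sha512(b).digest()}
    if selected is None or rec.mtype not in hashers:
        return False
    return hmac.compare_digest(hashers[rec.mtype](selected), rec.data)

def check_dane(rdatas, ad_flag: bool, cert_der: bytes, spki_der: bytes) -> str:
    """Steps 0-3. Returns 'insecure', 'no-tlsa', 'unusable', 'match' or 'mismatch'."""
    if not ad_flag:                 # step 0: unauthenticated DNS proves nothing
        return "insecure"
    records = [parse_tlsa(r) for r in rdatas]
    if not records:
        return "no-tlsa"
    ee = [r for r in records if r.usage == 3]   # this example handles DANE-EE only
    if not ee:
        return "unusable"
    ok = any(record_matches(r, cert_der, spki_der) for r in ee)
    return "match" if ok else "mismatch"

# Constructed stand-ins for the DER bytes taken from the live TLS session.
SAMPLE_CERT = b"constructed-certificate-der"
SAMPLE_SPKI = b"constructed-spki-der"
SAMPLE_RDATA = "3 1 1 " + hashlib.sha256(SAMPLE_SPKI).hexdigest()
```

A caller would abort the federation connection on `mismatch` and fall back to ordinary certificate validation on `insecure` or `no-tlsa`; how to treat `unusable` is a policy choice this example leaves open.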

:debian: 𝚜𝚎𝚕𝚎𝚊 :t_blink:

@kravietz did explain it very well, so I do feel that I do not need to explain it further :)

@Gargron
