Tweets by @VDukhovni

  1. Feb 1

    Today a shoutout to TenSquareGames who've configured mx[1-4].smtp.goog as MX hosts for at least 8 domains. [ Today's survey run is only 1/3 of the way through, so likely 20+ domains. ]

  2. Jan 31

    Great to hear AFNIC are planning to move 6 ccTLDs and 3 gTLDs to P256 (algorithm 13) based keys. If you read the blog post, some more precise numbers:

    * Unsigned TLDs number 140 not 200
    * Signed TLDs number 1376 (not 1300)
    * TLDs with obsolete algorithms number 275 (not 300)

  3. Jan 30

    That said, for a new deployment, algorithm 7 (RSA-SHA1) is regrettable. Ideally they'll consider switching to 13 or 8 sooner rather than later. And if 8, upgrading the ZSK to at least 1280 bits from 1024.

  4. Jan 30
  5. Jan 24
  6. Jan 15

    Today, a shout-out to whose domain is the latest to switch to mx[1-4].smtp.goog.

  7. Jan 13

    Using to mx[1-4].smtp.goog was simple enough for a law-firm in Lawrence Kansas, , freshly DNSSEC hosted by googledomains․com.

  8. Jan 11

    Zooming in on algorithm 5 (RSASHA1) and adding the next most popular algorithm (10 or RSASHA512) we see a strong hint that provider algorithm rollovers do take place from time to time:

  9. Jan 11

    DNSSEC survey baseline DS algorithm counts (by number of domains having at least one DS RR for that algorithm). Too early to expect a downward trend in algorithms 5 and 7 as yet. It will be interesting to see how this evolves.

  10. Jan 10

    In a random sample of 1000 domains using algorithm 5 or 7 DS RRs, ~1/3 each were hosted by and . I'd like to encourage TransIP and OVH to migrate hosted DNS domains to non-obsolete DNSKEY algorithms.

  11. Jan 9

    One problem case is a hosting provider using a single algorithm 5 or 7 key for many unrelated domains. Any domain sharing the key can (for ~$10k) create an RRset that compromises (C)DNSKEY, TLSA, TXT, ... RRsets in one of the other domains. The largest such pool is ~148k domains!

  12. Jan 8

    It is time to move off DNSSEC algorithms 5 and 7, to 8 or preferably 13 (10 is also fine, but not widely used). The recent chosen-prefix attacks on SHA-1 make algorithms 5 and 7 fragile when some zone data is from outside parties.

  13. Jan 4

    Nice to see Jakob Schlyter (coauthor of the DANE RFC 6698) switching to use mx[1-4].smtp.goog.

  14. Jan 2

    Verisign completes migration of .COM zone ZSK from 1024-bit RSA to 1280-bit RSA, by retiring the 1024-ZSK from the .COM DNSKEY RRset. 🥳 RRSIG on stale DNSKEYs expires in ~9 days...

  15. Dec 30, 2019

    Some progress, today 179. It still seems that most Google customers take their cues from Google's published configuration guides and not my tweets. My marketing department will have to try 29 billion percent harder. :-)

  16. Dec 23, 2019

    The 29 billion% on Oct 28th has been replaced with a more modest 91%: with that, the remaining puzzle is the much deeper troughs (each Friday) in recent outbound TLS percentages.

  17. Dec 16, 2019
  18. Dec 15, 2019

    1. Google inbound TLS Jan 1 to present: ~93-95%
    2. Google outbound TLS Jan 1 to Oct 26: ~89-93%
    3. Google outbound TLS Nov 1 to present: ~79-90% ???

    This combined with the 29 billion % on Oct 28th looks surprising.

  19. Dec 14, 2019

    In ~3.5h, for the first time will show DNSKEY alg 13 (P-256) having the top count of KSK zones:

    | alg | zones     |
    |-----|-----------|
    | 13  | 3,838,105 |
    | 8   | 3,837,699 |
    | 7   | 2,203,045 |
    | 5   | 288,655   |
    | 10  | 254,613   |
    | 14  | 82,840    |

    Brought to you courtesy of one․com alg rollover. Thanks!

  20. Dec 13, 2019

    The shared MX host of haarlem․nl and zandvoort․nl now has DANE TLSA records. Congratulations and thanks to .
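
The advice in the Jan 8 and Jan 30 tweets above (move off algorithms 5 and 7, and keep an RSA ZSK at 1280 bits or more) can be checked against DNSKEY records. The following is an added example, not code from the tweets' author; the function names, the `.example` owner names and the placeholder key bytes are constructed for illustration, and each record is assumed to sit on one line with the owner name first.

```python
import base64

# DNSSEC algorithm numbers mentioned in the tweets above.
SHA1_ALGS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1"}
RSA_ALGS = {5, 7, 8, 10}
MIN_RSA_ZSK_BITS = 1280  # floor suggested in the tweets for an RSA ZSK

def rsa_modulus_bits(key: bytes) -> int:
    """RFC 3110 layout: exponent length (1 or 3 octets), exponent, modulus."""
    if key[0] != 0:
        exp_len, offset = key[0], 1
    else:
        exp_len, offset = int.from_bytes(key[1:3], "big"), 3
    return int.from_bytes(key[offset + exp_len:], "big").bit_length()

def audit_dnskeys(zone_text: str) -> list:
    """Return (owner, algorithm, finding) for DNSKEY lines that need attention."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split()
        if "DNSKEY" not in fields:
            continue
        i = fields.index("DNSKEY")
        owner, flags, alg = fields[0], int(fields[i + 1]), int(fields[i + 3])
        if alg in SHA1_ALGS:
            findings.append((owner, alg, SHA1_ALGS[alg] + " uses SHA-1: move to 8 or 13"))
        if alg in RSA_ALGS and not flags & 1:  # SEP bit clear: zone-signing key
            bits = rsa_modulus_bits(base64.b64decode("".join(fields[i + 4:])))
            if bits < MIN_RSA_ZSK_BITS:
                findings.append((owner, alg, "%d-bit RSA ZSK" % bits))
    return findings

def sample_rsa(bits: int) -> str:
    """Constructed placeholder of the right length; not a usable RSA key."""
    modulus = b"\xc3" + b"\x5a" * (bits // 8 - 1)
    return base64.b64encode(b"\x03\x01\x00\x01" + modulus).decode()

# Constructed sample records (reserved .example names, placeholder key bytes).
SAMPLE = "\n".join([
    "old.example. 3600 IN DNSKEY 256 3 7 " + sample_rsa(1024),
    "ksk.example. 3600 IN DNSKEY 257 3 5 " + sample_rsa(2048),
    "mid.example. 3600 IN DNSKEY 256 3 8 " + sample_rsa(1280),
    "new.example. 3600 IN DNSKEY 257 3 13 " + base64.b64encode(b"\x11" * 64).decode(),
])

if __name__ == "__main__":
    for owner, alg, finding in audit_dnskeys(SAMPLE):
        print(owner, alg, finding)
```

Real input would be one-line DNSKEY records as printed by a DNS lookup tool; multi-line zone-file records need joining first.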