RT @tqbf: Google takes an affirmative step towards finally killing off DNSSEC, deploys MTA-STS. https://security.googleblog.com/2019/04/gmail-making-email-more-secure-with-mta.html …
I did not think they were *that* closely related. DNSSEC makes sure you're receiving an authentic DNS record, and MTA-STS forces TLS connections in email delivery. So SMTP is safer without the need for DNSSEC. What about all the other protocols?
1 reply 0 retweets 0 likes -
Replying to @Scott_Dayman @jedisct1
What other protocols are you thinking about?
1 reply 0 retweets 0 likes -
SSH, NTP, FTP (eek!)…
1 reply 0 retweets 0 likes -
Replying to @Scott_Dayman @jedisct1
SSH doesn’t depend on the DNS for security; in fact, not depending on the DNS is the entire purpose of SSH (it replaces the DNS-dependent r-commands).
3 replies 0 retweets 0 likes -
I'd like to know I'm SSH'ing to the right server. There's a chance the host has an SSHFA record…but that depends on DNSSEC. Isn't the point of DNSSEC to stop MITMing DNS?
3 replies 0 retweets 0 likes
Use a CA instead https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-creating_ssh_ca_certificate_signing-keys …