Post Ab26bTFXfE9X3h8YVc by ruff@social.librem.one
(DIR) Post #Ab1nJyFNmNckr00KBc by daniel@gultsch.social
2023-10-22T12:17:51Z
1 likes, 0 repeats
We should thank German authorities for reminding us of the importance of CAA records. I've set mine up today (and tested them).
(DIR) Post #Ab1yZXOeTXpzhvxubI by markus@muenchen.social
2023-10-22T14:23:54Z
0 likes, 0 repeats
@daniel do we have any knowledge about the CA used by the German authorities? CAA entries would be useless as the CA I use is involved, right?
(DIR) Post #Ab21czvPAFIwuxcvPE by daniel@gultsch.social
2023-10-22T14:58:10Z
0 likes, 0 repeats
@markus In this particular case they used Let's Encrypt. Having CAA entries means they need to involve more and more people (Certificate Authorities, DNS providers, etc). It's not about preventing all attacks; it's about putting up more barriers.
(DIR) Post #Ab26bTFXfE9X3h8YVc by ruff@social.librem.one
2023-10-22T15:53:54Z
0 likes, 0 repeats
@daniel I went to add it to my domain just to realize with a big surprise I have already set it (don't remember that at all).
(DIR) Post #Ab2HkDwt1LHfhomsoC by antondollmaier@mastodon.social
2023-10-22T17:58:42Z
0 likes, 0 repeats
@daniel probably important to add: it is not enough to just add a CAA record for Let's Encrypt. The combination with the account URI is what would IMHO have greatly increased the complexity/security: https://letsencrypt.org/docs/caa/ (And monitor for changes)
(DIR) Post #Ab2JkcKGaSJzDb2Rwe by daniel@gultsch.social
2023-10-22T18:21:14Z
0 likes, 0 repeats
@antondollmaier indeed. Personally I've also pinned the verification method (to DNS). More information can also be found in this blog post https://snikket.org/blog/on-the-jabber-ru-mitm/ by @snikket_im
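Added example, not part of any post in this thread: a small audit of a domain's CAA record set for the two pins discussed above, the account URI and the validation method. The record strings are constructed samples in zone-file form, the account number is a placeholder, and the names parse_caa and audit are illustrative.

```python
import re

# Constructed sample record sets; the account number is a placeholder.
WEAK = ['0 issue "letsencrypt.org"']
PINNED = [
    '0 issue "letsencrypt.org; '
    'accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/0000000; '
    'validationmethods=dns-01"',
    '0 issuewild ";"',  # no CA may issue wildcard certificates
]

RDATA = re.compile(r'^(\d+)\s+([A-Za-z0-9]+)\s+"(.*)"$')


def parse_caa(rdata):
    """Split one CAA RDATA string into (flags, tag, issuer, params)."""
    m = RDATA.match(rdata.strip())
    if not m:
        raise ValueError(f"not a CAA record: {rdata!r}")
    flags, tag, value = int(m.group(1)), m.group(2).lower(), m.group(3)
    issuer, *rest = [part.strip() for part in value.split(";")]
    pairs = (p.split("=", 1) for p in rest if "=" in p)
    params = {k.strip().lower(): v.strip() for k, v in pairs}
    return flags, tag, issuer.lower(), params


def audit(records, ca="letsencrypt.org"):
    """Return findings for a CAA record set; an empty list means fully pinned."""
    issue = [r for r in map(parse_caa, records) if r[1] == "issue"]
    if not issue:
        # Without any "issue" record, CAA does not restrict normal issuance.
        return ["no-issue-record"]
    findings = []
    for _flags, _tag, issuer, params in issue:
        if issuer and issuer != ca:
            findings.append(f"other-ca:{issuer}")
        elif issuer == ca:
            # A record lacking a parameter authorises any account or any
            # challenge type at that CA, even if another record pins it.
            for name in ("accounturi", "validationmethods"):
                if name not in params:
                    findings.append(f"no-{name}")
    return findings


if __name__ == "__main__":
    for label, rrset in (("weak", WEAK), ("pinned", PINNED)):
        print(label, audit(rrset))
```

Running the same audit on a schedule against the live record set and alerting when the findings change covers the "monitor for changes" point.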
(DIR) Post #Ab2SXO1fLGYCgs6WEi by barbarossa@chaos.social
2023-10-22T19:59:40Z
0 likes, 0 repeats
@daniel what did they do?
(DIR) Post #Ab2VPB2W2Zu7xaHLRA by whynothugo@fosstodon.org
2023-10-22T20:31:48Z
0 likes, 0 repeats
@daniel It hasn't really been confirmed that it was the authorities (and not some rogue employees). Assuming it was them, yeah, really nice way to invest in public education.
(DIR) Post #Ab3ZngTEI1JIQGQz4a by markus@muenchen.social
2023-10-23T08:55:43Z
0 likes, 0 repeats
@daniel thank you for the information