HackerTrans
TopNewTrendsCommentsPastAskShowJobs

donselaar

no profile record

Submissions

Tell HN: Atlassian is blackmailing me with my company's shadow IT

8 points·by donselaar·قبل 3 سنوات·5 comments

The startup ABC of concepts and terms to avoid

gist.github.com
2 points·by donselaar·قبل 3 سنوات·0 comments

Errors from Microsoft's Cloud

errorsazurethrows.tumblr.com
1 points·by donselaar·قبل 3 سنوات·0 comments

comments

donselaar
·قبل سنتين·discuss
That's funny, I used to keep a similar blog on my experience on Microsoft's Cloud. On Thumblr instead of Mastodon. Precously submitted to HN: https://news.ycombinator.com/item?id=12788098
donselaar
·قبل 3 سنوات·discuss
Makes sense indeed. It exists and it's called DANE. https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Na...
donselaar
·قبل 3 سنوات·discuss
Well, roughly 30% globally and 60% in my country (The Netherlands) where the government mandates it for governmental systems. Source: https://stats.labs.apnic.net/dnssec
donselaar
·قبل 3 سنوات·discuss
You're right that DANE kind of implies DNSSEC. Technically it can go without, but it's quite pointless to do because you cannot trust your TLSA record without DNSSEC.

DNSSEC works in an air gapped network when you deploy your own trust anchor in your DNS. I wouldn't touch a domain name that you don't own yourself (like google.com) but instead only use a domain name you purchased.

It surprises me that DANE is even listed on caniuse.com! I expected it to be way to exotic to be on that list. I'm under no illusion that browsers are going to support this anytime soon unfortunately.

Now let's hope I didn't wake up tptacek to lecture us on how DNSSEC is bad and how it will eat your children. ;)
donselaar
·قبل 3 سنوات·discuss
I really hope DANE will become more popular (and widely supported) some time. Works great on air gapped networks without the need for a publicly trusted CA or Let's Encrypt. No ACME daemon to monitor, just put your public key in a DNS record an forget about it.