HackerTrans
TopNewTrendsCommentsPastAskShowJobs

donselaar

no profile record

Submissions

Tell HN: Atlassian is blackmailing me with my company's shadow IT

8 points·by donselaar·hace 3 años·5 comments

The startup ABC of concepts and terms to avoid

gist.github.com
2 points·by donselaar·hace 3 años·0 comments

Errors from Microsoft's Cloud

errorsazurethrows.tumblr.com
1 points·by donselaar·hace 3 años·0 comments

comments

donselaar
·hace 2 años·discuss
That's funny, I used to keep a similar blog on my experience on Microsoft's Cloud. On Thumblr instead of Mastodon. Precously submitted to HN: https://news.ycombinator.com/item?id=12788098
donselaar
·hace 3 años·discuss
Makes sense indeed. It exists and it's called DANE. https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Na...
donselaar
·hace 3 años·discuss
Well, roughly 30% globally and 60% in my country (The Netherlands) where the government mandates it for governmental systems. Source: https://stats.labs.apnic.net/dnssec
donselaar
·hace 3 años·discuss
You're right that DANE kind of implies DNSSEC. Technically it can go without, but it's quite pointless to do because you cannot trust your TLSA record without DNSSEC.

DNSSEC works in an air gapped network when you deploy your own trust anchor in your DNS. I wouldn't touch a domain name that you don't own yourself (like google.com) but instead only use a domain name you purchased.

It surprises me that DANE is even listed on caniuse.com! I expected it to be way to exotic to be on that list. I'm under no illusion that browsers are going to support this anytime soon unfortunately.

Now let's hope I didn't wake up tptacek to lecture us on how DNSSEC is bad and how it will eat your children. ;)
donselaar
·hace 3 años·discuss
I really hope DANE will become more popular (and widely supported) some time. Works great on air gapped networks without the need for a publicly trusted CA or Let's Encrypt. No ACME daemon to monitor, just put your public key in a DNS record an forget about it.